Cloud Choices Quantifying the Cost and Risk Implications of Cloud - Amazon Web Services
- The document discusses quantifying the costs and risks of cloud computing choices. It addresses how perception and cognitive biases can impact outcomes of IT projects.
- Key factors that influence cloud adoption outcomes are identified, including focus on business impact, accountability, learning from past projects, planning, stakeholder consensus, leadership, and execution capabilities.
- Methods are presented for assessing complexity, decisiveness, and measuring costs, risks, and value to make informed cloud choices and reduce risks of cloud migration.
Enterprise DevOps: Begin with Production-Ready Migration (ENT217-R1) - AWS re... - Amazon Web Services
DevOps is a powerful movement that can help enterprises speed up their rate of innovation. But many customers think DevOps can work only with their cloud-native applications. Enterprise DevOps is a set of best practices anchored by real-life customer experiences that enable large organizations to apply the speed and agility of DevOps to all of their applications without sacrificing security and compliance. And it all begins with production-ready migration. In this session, you learn 1) how to execute your migration with successful ongoing operations in mind, 2) how to integrate existing operational models (e.g., ITIL) with modern cloud best practices (e.g., DevOps), and 3) how enterprises like National Australia Bank are leveraging the Enterprise DevOps framework to run their business.
Traditionally, technology governance has required long, detailed documents and hours of work for IT managers, security or audit professionals, and administrators. Automating governance on AWS offers a better way. AWS services modernize technology governance by enshrining policy into code and embedding security guardrails at the development level, to provide reliable policy implementation and allow for continuous and real-time auditing capabilities. Leave this session with a better understanding of the benefits of automating technology governance and managing security and compliance with AWS.
Presenter: John McDonald, Financial Services Compliance Specialist, AWS
Transforming Enterprise IT - AWS Transformation Day 2018: Detroit - Amazon Web Services
The document discusses transforming enterprise IT using cloud technologies. It notes that IT organizations have two main goals - reducing costs of current technology while also enabling business innovation. The document outlines how AWS, along with partners like Intel and VMware, can help enterprises develop hybrid cloud architectures to achieve these goals through services that provide security, flexibility and cost savings. It provides examples of how various industries are using AWS capabilities and services.
Transform Government IT with VMware Cloud on AWS, an Integrated Hybrid Solution - Amazon Web Services
Government agencies are increasingly turning to commercial cloud service providers for the infrastructure flexibility to achieve consolidation, application modernization, and disaster recovery goals. For government customers running vSphere workloads, VMware and AWS have teamed up to provide a hybrid-cloud solution that eliminates the complexity and intensive resource management required to adopt the cloud. VMware Cloud on AWS™ removes traditional barriers to hybrid-cloud portability by integrating VMware Software-Defined Data Center (SDDC) technologies with AWS global infrastructure and application services. Customers can run VMware SDDC solutions on dedicated, bare-metal AWS infrastructure to create a common-cloud infrastructure, with unified deployment and operations across on-premises and public-cloud environments. Don’t miss this opportunity to discover why organizations are using VMware Cloud on AWS to bring to market hybrid-cloud strategies that streamline service delivery and your ability to achieve your mission.
Tim Hearn, Director, UK Public Sector, VMware UK; Paul Bockelman, Senior Manager, Amazon Web Services
Trends in Digital Transformation (ARC212) - AWS re:Invent 2018 - Amazon Web Services
As industries digitally transform their existing business models to fend off competitors or disrupt new markets, they find their IT to be a limiting factor. In this session, we cover the trends of disruptions and opportunities of digital transformation, and the evolution of IT monoliths to microservices and now cloud native services. We also explore dependency management, or “lock in,” through a “choosing, using, and losing” mental model. Finally, we explore chaos architecture as an evolving method for exposing weaknesses before they become real problems.
At AWS, security is job zero. AWS has worked with global enterprises to meet their respective security requirements and has developed a broad portfolio of services to help customers run highly secure workloads in the cloud. This session will describe how Amazon has been managing security of the cloud at hyper-scale and adding new capabilities that help secure customer applications and data such as Inspector, GuardDuty, and Macie. Leave this session with a better understanding of how these services operate and how easy it is to integrate them into your secure cloud environment.
Presenter: Kurt Gray, Global Account Solutions Architect, AWS
AWS Summit Singapore 2019 | Next Generation Audit & Compliance - Learn how RH... - AWS Summits
Speaker: Alejandra Artiguez, FSI Compliance Program Manager, APAC, AWS
Customer Speaker: Clara Lee Hui Theng, Head Technology & Operations, RHB Bank Berhad (Singapore)
Security and Compliance is a shared responsibility between AWS and the customer. In this session we will examine the AWS Shared Responsibility Model and the AWS compliance programs customers can use to gain assurance of security controls in the cloud. We will dive deep into a number of cloud-native security services that customers can use to protect their critical systems when migrating to AWS. Finally, we will review a next-generation approach to audit and continuous compliance, leveraging automation to identify misconfigurations and perform automatic remediation to protect your AWS workloads.
Big Data Meets AI - Driving Insights and Adding Intelligence to Your Solutions - Amazon Web Services
This document discusses how big data and machine learning can be combined using Amazon Web Services (AWS). It covers common big data challenges around which tools to use, what data is available, and how to get started. It then demonstrates how to populate and query a data catalog on AWS to understand available data. Finally, it shows how machine learning can be driven by big data to generate better insights and products using agile AWS services.
What IT Transformation Really Means for the Enterprise - Tom Laszewski
The document discusses the challenges facing enterprises and how transformation is needed. It outlines both the disadvantages enterprises currently face, such as high customer expectations and constant change, as well as advantages they have like existing customer bases and resources. It then discusses how enterprises can transform by adopting new mechanisms, architectures, cultures and organizations that promote innovation, such as developing minimum viable products, using microservices architectures, and establishing small autonomous teams. New technologies like serverless computing and machine learning are also enabling this transformation. Overall, the document argues that enterprises of all kinds must transform to keep up with the changing environment.
Building the Organisation of the Future: Leveraging Artificial Intelligence a... - Amazon Web Services
Artificial intelligence and machine learning are no longer the stuff of science fiction. Organisations of all sizes are using these tools to create innovative artificial intelligence applications – namely, Amazon.com's own retail experience. Join us for an inside look at how Amazon thinks about this technology, and hear from Skinvision on how they’re using machine learning for early skin-cancer detection. Through these stories, gain insight into a range of new machine learning services on AWS for use in your own business.
Breght Boschker, CTO, Skinvision
Miguel Rojo Rossi, Solutions Architect Lead, AWS
Transforming Enterprise IT - Transformation Day Philadelphia 2018 - Amazon Web Services
As more and more enterprises start down the path of their digital transformation, the pressure on their IT organizations to support innovation across the business couldn’t be higher. In this session, we will outline a number of cutting edge technologies as well as an operating model that will allow IT to position itself as a business enabler and not a blocker. We will be sharing some mechanisms that will enable the IT organization to meet the pace of innovation that is being set by the business while giving them the flexibility to leverage existing assets.
How Nubank Automates Fine-Grained Security with IAM, AWS Lambda, and CI/CD (F... - Amazon Web Services
Cloud-native and with security integrated early in the software development process, Nubank is the largest digital bank in the world outside of Asia. Demand for higher levels of service and value, constantly evolving technology capabilities, and stringent regulatory requirements are all powerful forces reshaping retail banking. In this session, Nubank CTO Edward Wible discusses how the company mixes engineering culture, security philosophy and structure, automation, and integration with AWS security services. Learn how to leverage the day-to-day software development workflow for extensive security and maximum engineering throughput while minimizing the operational pain of running a large infrastructure.
Jonathan Allen outlines a 12-step approach to scaling talent transformation to the cloud. The key steps include: accepting the change, providing training and hands-on experience, creating small "two-pizza" cross-functional teams, bringing in experts, having teams build something real, scaling learning by splitting teams, pursuing certification, recognizing expertise, leading by example, and creating a unified job structure. The approach emphasizes organizational change management and building cloud skills at scale through a structured knowledge progression.
How to Extend VMware Environments to the AWS Cloud
VMware Cloud on AWS is an integrated cloud solution jointly developed by AWS and VMware that offers a highly flexible, secure and reliable service with which companies can migrate their VMware vSphere-based environments to the AWS cloud. VMware Cloud on AWS makes it even simpler to bring existing applications onto Amazon's cloud infrastructure and take advantage of innovative native AWS services. In this session we will explore how, through VMware Cloud on AWS, companies can implement their hybrid IT environments using the same VMware Cloud Foundation technologies they rely on every day in their own data centers, without having to purchase hardware or software products, rewrite applications or change their operating models.
Achieving Your Department Objectives: Providing Better Citizen Services at Lo... - Amazon Web Services
Most likely, your organisation is not in the business of running data centers, yet a significant amount of time and money is spent doing just that. AWS provides a way to acquire and use infrastructure on-demand, so that you pay only for what you consume. This puts more money back into the business, so that you can innovate more, expand faster, and be better-positioned to take advantage of new opportunities.
Fabrizio Pappalardo, Partner Manager, AWS
This document summarizes an AWS seminar presentation on AI and machine learning services. It discusses AWS's mission to put machine learning in the hands of every developer and data scientist. It provides an overview of AWS machine learning application services like Amazon Rekognition, Polly, Lex, and Translate. It also covers AWS machine learning platform services like Amazon SageMaker and deep learning frameworks. Finally, it discusses AWS machine learning infrastructure services like EC2 P3 instances, the Deep Learning AMI, and AWS DeepLens.
Accelerating AWS Migrations Through Agile Transformation (DEV202-S) - AWS re:... - Amazon Web Services
With an increasingly software-based value chain, Sysco Foods has been aggressively moving its infrastructure to AWS in a bid to maintain competitive position against digitally native rivals. Critical to this transition has been a holistic agile and DevOps transformation, which has accelerated cloud adoption through an IT product, platform, and service team structure specifically designed to automate and consume AWS services. In this session, we share the key lessons learned on how agile transformation can accelerate AWS migrations, and the implications of cloud enablement on IT organizations, talent, and culture. This session is brought to you by AWS partner, Deloitte Consulting LLP.
The document discusses lessons learned from Jonathan Allen's career in enterprise IT and strategies for moving to the cloud. It covers compelling reasons for cloud migration like agility, cost reduction, and facility decisions. It also discusses challenges of reskilling employees and account setup hurdles. The rest of the document outlines methods for modern product development using DevOps, agile teams, and design thinking. It emphasizes the importance of continuous testing and achieving organizational flow.
Overcoming the Challenges of Being a Next-Generation MSP (GPSCT312) - AWS re:... - Amazon Web Services
In this chalk talk, we discuss how to overcome the challenges of moving from a traditional managed service provider (MSP) to a next-generation MSP on AWS. Topics include a next-generation services model with a strategy around DevOps, automation, and guiding customers in a self-service manner.
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo... - Amazon Web Services
The document discusses applying the NIST 800-53 high impact controls on AWS for GDPR compliance. It describes how AWS and third-party security tools like Trend Micro can help customers automate compliance with these controls by leveraging AWS services for identity and access management, logging, networking, and security tools for intrusion prevention, firewalls, and more. An AWS CloudFormation template called the Enterprise Accelerator provides an automated reference deployment of Trend Micro with AWS to help customers meet key NIST controls and simplify GDPR compliance efforts.
Embracing New Operating Models at Vanguard (FSV308-S-i) - AWS re:Invent 2018 - Amazon Web Services
This document outlines Vanguard's journey to embracing new operating models on AWS. It discusses Vanguard's brief history with cloud computing, the drivers for adopting a new operating model, and the organizational impacts of changes to their operating model. The document also addresses how Vanguard dealt with barriers to change and lessons they learned along the way.
Going from a hypothesis to a working machine learning model that infers answers in production requires a lot of time and effort. Moreover, the ability to answer questions related to specific results—such as, “what version of the code and data produced a particular inference?”—is paramount in highly regulated industries such as Financial Services. Modern development practices like continuous integration and deployment can accelerate the machine learning development process and provide a way to answer questions about data lineage. During this talk, you will learn how to combine Amazon SageMaker (a fully managed service that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale) with Amazon CodeCommit, CodeBuild, and CodePipeline to create a pipeline that automatically triggers changes when either your model code or training data changes.
Presenter: Felix Candelario, Principal Global Account Solutions Architect, AWS
The document discusses scaling applications from basic to advanced architectures on AWS. It begins with simple static websites hosted on S3 and evolves to include services like Route53, EC2, databases, authentication with Cognito, load balancing, auto-scaling, caching, and asynchronous processing. The final architectures shown are serverless, event-driven, and use microservices.
Workforce Transformation: How to Effectively Lead Change Management - Amazon Web Services
While many leaders are committed to a digital transformation, plans can easily get derailed before reaching execution. CIOs and executives, alike, should consider a different approach—one that takes into account the human and behavioural complexities underpinning this challenge. In this session, we’ll share stories of leaders who have managed successful IT transformations and their lessons learned along the way. We’ll address how to build skills among your IT staff through training and certification. We’ll also discuss ways to take advantage of collaborative workspaces, and best practices to aid in an effective implementation.
Bert Weyne, ICT Responsible Application, Manager, Agentschap Wegen & Verkeer
Thomas Blood, EMEA Enterprise Evangelist, AWS
Transforming Enterprise IT - AWS Transformation Days Raleigh 2018.pdf - Amazon Web Services
As more and more enterprises start down the path of their digital transformation, the pressure on their IT organizations to support innovation across the business couldn’t be higher. In this session, we will outline a number of cutting edge technologies as well as an operating model that will allow IT to position itself as a business enabler and not a blocker. We will be sharing some mechanisms that will enable the IT organization to meet the pace of innovation that is being set by the business while giving them the flexibility to leverage existing assets.
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen... - Amazon Web Services
As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology to ensure the speed, stability, and security of your applications.
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-... - Amazon Web Services
As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology to ensure the speed, stability, and security of your applications.
Going from a hypothesis to a working machine learning model that infers answers in production requires a lot of time and effort. Moreover, the ability to answer questions related to specific results—such as, “what version of the code and data produced a particular inference?”—is paramount in highly regulated industries such as Financial Services. Modern development practices like continuous integration and deployment can accelerate the machine learning development process and provide a way to answer questions about data lineage. During this talk, you will learn how to combine Amazon SageMaker (a fully managed service that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale) with Amazon CodeCommit, CodeBuild, and CodePipeline to create a pipeline that automatically triggers changes when either your model code or training data changes.
Presenter: Felix Candelario, Principal Global Account Solutions Architect, AWS
The document discusses scaling applications from basic to advanced architectures on AWS. It begins with simple static websites hosted on S3 and evolves to include services like Route53, EC2, databases, authentication with Cognito, load balancing, auto-scaling, caching, and asynchronous processing. The final architectures shown are serverless, event-driven, and use microservices.
Workforce Transformation: How to Effectively Lead Change ManagementAmazon Web Services
While many leaders are committed to a digital transformation, plans can easily get derailed before reaching execution. CIOs and executives, alike, should consider a different approach—one that takes into account the human and behavioural complexities underpinning this challenge. In this session, we’ll share stories of leaders who have managed successful IT transformations and their lessons learned along the way. We’ll address how to build skills among your IT staff through training and certification. We’ll also discuss ways to take advantage of collaborative workspaces, and best practices to aid in an effective implementation.
Bert Weyne, ICT Responsible Application, Manager, Agentschap Wegen & Verkeer
Thomas Blood, EMEA Enterprise Evangelist, AWS
Transforming Enterprise IT - AWS Transformation Days Raleigh 2018.pdfAmazon Web Services
As more and more enterprises start down the path of their digital transformation, the pressure on their IT organizations to support innovation across the business couldn’t be higher. In this session, we will outline a number of cutting edge technologies as well as an operating model that will allow IT to position itself as a business enabler and not a blocker. We will be sharing some mechanisms that will enable the IT organization to meet the pace of innovation that is being set by the business while giving them the flexibility to leverage existing assets.
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...Amazon Web Services
As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology to ensure the speed, stability, and security of your applications.
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Amazon Web Services
As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology to ensure the speed, stability, and security of your applications.
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Amazon Web Services
Join us, and learn how we made AWS our backbone, modularized our software for the cloud, and gained an immediate surge in velocity. In this session, we walk you through some of the unexpected security challenges we faced and hopefully save you a few headaches. Discover what security issues you need to address, how to avoid costly unused instances in your deployments, and why your current security tools won’t help. We show you how a major transformation landed us on AWS, and we share how we overcame challenges and advanced our business while innovating in a new direction. This session is brought to you by AWS partner, Barracuda Networks Inc.
1. Cloud Adoption Journey reference framework to help Teams move to Cloud and become Cloud Native
2. Define basic Pillars to include Security & Compliance, Costs Optimization, Scalability and Performance as well as Operational Excellence, AWS Well-Architected as guidance
3. Goal is to assess and guide Companies/Teams in Portfolio to faster adopt and evolve Cloud concepts to focus on Business value
4. Governance as a key driver to boost flexibility, reduce risks and foster efficiency
5. Enterprise Transformation Architecture offerings
An Overview of Best Practices of Large-Scale Migrations - AWS Online Tech TalksAmazon Web Services
Learning Objectives:
- Understand the processes for mass migration to AWS
- Become familiar and understand the key services, programs and solutions to help smooth the migration
- Provide a blueprint for the different migration strategies and models to help accelerate AWS adoption
Unlocking Software Innovation with AWS - Adrian White - AWS TechShift ANZ 2018Amazon Web Services
Many of the fastest growing software businesses in Australia are going global by delivering software and services on the cloud, and choosing AWS to help them do this. These businesses are getting to market faster, improving the way they build and deliver their software, and focusing on the core features that matter to their customers. Come to this session to hear Adrian White, Head of Solutions Architecture - ISV, talk about the top software and technology trends on AWS to help you stay ahead of the curve. Also hear from Iain Rouse, Group Director Cloud at successful Australian ISV TechnologyOne, on how they've gone global with their software services, and how they've used AWS to do this. Finally, learn about the programs and products available to help you migrate, modernise and scale the delivery of your software services on AWS.
The document discusses Cardknox migrating over 1 million sensitive records to AWS. Cardknox faced challenges with scaling their legacy hosting environment. They migrated to AWS with help from Logicworks to gain agility, automation, and PCI compliance. The migration improved performance, security, and deployment speed while reducing manual IT work. Automation was key to maintaining compliance on AWS as their infrastructure changed frequently.
Migrate, Modernize, and Manage: Best Practices for a Cloud MigrationAmazon Web Services
Learn about best practices for migrating to the Cloud, and how we can integrate with your IT Operations Control / IT Service Management platform within AWS and enable this transition while ensuring governance, security, and access controls that can be deployed to your internal teams.
The document discusses how companies can build a Software as a Service (SaaS) platform using AWS. It notes that SaaS consumption is growing and offers benefits like frictionless onboarding and consumption-based pricing. It then discusses challenges companies may face in becoming SaaS providers and potential solutions like using AWS services to handle big data streams, improve extensibility and agility through containerization and CI/CD processes. The presentation concludes by emphasizing how offloading tasks to AWS managed services can help companies focus on delivering great SaaS.
How to Enhance Your Application Security Strategy with F5 on AWSAmazon Web Services
Sophisticated application-layer attacks are becoming increasingly prevalent, posing threats to your productivity and security that traditional firewalls are not well-equipped to handle. Selecting the right Web Application Firewall (WAF) is an important piece to stopping application threats and mitigating vulnerabilities.
Join our webinar to hear experts from F5 and AWS discuss how WAF solutions can help you better safeguard your data, meet compliance standards, and establish ongoing protection for your workloads on the cloud.
The Executive Security Simulation takes senior security management and IT/business executive teams through an experiential exercise that illuminates key decision points for a successful and secure cloud journey. During this team-based, game-like competitive simulation, participants leverage an industry case study to make strategic security, risk, and compliance time-based decisions and investments. Participants experience the impact of these investments and decisions on the critical aspects of their secure cloud adoption. Join this workshop to gain an understanding of the major success factors to lead security, risk, and compliance in the cloud, and learn applicable decision and investment approaches to specific secure cloud adoption journeys. AWS facilitators translate lessons learned in the simulation into real-life examples and practical advice for your team.
Transforming Enterprise IT - AWS Transformation Day Boston 2018Amazon Web Services
AWS Transformation Day is designed for enterprise organizations migrating to the cloud to become more responsive, agile and innovative, while staying secure and compliant. Join us for this one-day event and we’ll share our experiences of helping enterprise customers accelerate the pace of migration and adoption of strategic services.
The document discusses transitioning from a monolithic architecture to microservices and containers. It describes how Moka transformed its architecture using AWS services like ECS, Fargate, and Step Functions. This allowed Moka to scale its business 600% in a year while improving latency, innovation, and developer productivity through a more flexible architecture. The document also provides recommendations around configurations, CI/CD pipelines, and coordinating microservices.
Digital Transformation: Empowering People to Adapt to the CloudAmazon Web Services
A successful cloud-transformation journey incorporates three pillars: people, process, and technology. Too often, organizations focus on process improvements and technology implementation, but ignore the human aspect. Many leaders acknowledge that the first two are easy to modify, while influencing culture is more difficult. This session covers best-practice methods for empowering customers to address this challenge. Learn about roles and responsibilities germane to the transition and post-cloud adoption phase. Assess your organization’s gaps among the requisite skills and competencies. Build effective training models, and encourage an adaptive culture.
Ray Hession, Federal Government, Amazon Web Services
Giovanni Pizzoferrato, Director, Cloud & Big Data Technology, Canada Pension Plan Investment Board
*This session will be delivered in English and French
Reduce Costs and Build a Strong Operational Foundation with the AWS Migration...Amazon Web Services
Speaker: Romulo Gapuz, Solutions Architect, AWS
Up to 80% of enterprise IT budgets are spent on maintaining existing workloads and keeping the lights on versus focusing on new products and services to better serve customers. Migrating existing workloads to the cloud provides a lever to do that, providing efficiencies and benefits on your existing workloads.
What if you could focus your attention and resources on differentiating your company in the marketplace? What if you could innovate at startup-like speed? And finally, what if you could dramatically reduce the risks inherent in your present infrastructure?
As Public Sector development teams transition to cloud-based architectures and adopt more agile processes, the tools they need to support their development cycles will change. In this session, we'll take you through the transition that Amazon made to a service-oriented architecture over a decade ago. We will share the lessons we learned, the processes we adopted, and the tools we built to increase both our agility and reliability. We will also introduce you to the AWS Code family services which were born out of Amazon's internal DevOps experience and are utilised by many Public Sector customers globally.
Mario Vlachakis, Solutions Architect, AWS
An Overview of Best Practices for Large Scale Migrations - AWS Transformation...Amazon Web Services
Whether you are moving a small application or entire datacenters, migrating to the cloud can be a complex process. In this session, we will share some of the common challenges that our customers face on their journey to the cloud and discuss how these challenges can be overcome. We will outline the patterns of success that we have observed from partnering with hundreds of customers on their large-scale migrations as well as highlight the mechanisms we have created to help our customers migrate faster.
About the event
AWS Transformation Day is designed for enterprise organizations migrating to the cloud to become more responsive, agile and innovative, while staying secure and compliant. Join us for this one-day event and we’ll share our experiences of helping enterprise customers accelerate the pace of migration and adoption of strategic services.
Who should attend?
This event is recommended for IT and business leaders who are looking to create sustainable benefits and a competitive advantage by using the AWS Cloud. CIOs, CTOs, CISOs, CDOs, CFOs, IT leaders and IT professionals, enterprise developers, business decision makers, and finance executives.
Rapid Innovation: The Business Case for Modern Application Development (SRV20...Amazon Web Services
Modern application development is not a buzzword—it’s an innovation strategy that organizations of all sizes can use to increase revenue, lower costs, and outpace the competition. In this session, learn how you can unblock digital product and service innovation for your own organization. Putting technology details aside, we explain what modern application development really is, why it matters to the business, what success metrics you should expect, and how to navigate your own transition.
Your road to a Well Architected solution in the Cloud - Tel Aviv Summit 2018Amazon Web Services
The document discusses how the Well-Architected framework from AWS was used to help a customer transition their 20+ year old technology to the AWS cloud. It describes the challenges the customer faced with their on-premises infrastructure and how the Well-Architected pillars of security, reliability, performance efficiency, cost optimization, and operational excellence were applied. Examples are given for how tools like EC2, S3, CloudFormation, and Trusted Advisor can help optimize infrastructure for reliability, security, costs and operations on AWS.
Remediate Tech Debt or Drive Innovation - AWS Summit Sydney 2018Amazon Web Services
Remediate Tech Debt or Drive Innovation? Learn How to Do Both With Your Cloud Migration
Learn how to achieve the benefits of moving applications to the AWS platform, by designing a cloud migration model that retires tech debt and sets the platform for innovation. This includes establishing a compelling business case, acquiring new skills, implementing new business processes, and defining the application migration methodology to transform your business model from on-premise to a cloud infrastructure.
Miriam McLemore, Director, Enterprise Strategy & Evangelism, Amazon Web Services
Similar to 2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Deployments - DEV349-R1 (20)
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Fourteenth Milan Meetup, held in Milan on 23 May 2024 from 17:00 to 18:30, in person and remotely.
We talked about how Axpo Italia S.p.A. reduced its technical debt by migrating its APIs from Mule 3.9 to Mule 4.4, while also moving from on-premises to CloudHub 1.0.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
Three Foundational Principles for Security Everywhere in Financial Services [MG: NEEDS TO BE EDITED]
How do you bring a publicly traded financial services corporation to the public cloud securely? How can you establish and maintain robust security across the entire cloud footprint spanning hundreds of accounts from innovation labs to production environments with different rules and requirements? This was the challenge facing Broadridge Financial Solutions, a global fintech leader who provides communications, technology, data and analytics to help drive business transformation for its clients. In this session, Martin Klie will talk about how his team operationalized core security principles such as least privilege, guardrails, and temporary credentials to enforce consistent security and compliance across DevOps and IT environments in AWS.
Key Takeaways:
- Security considerations in DevOps -- separation of duties, granular access, and code security
- Key ingredients of the security stack for defense-in-depth protection
- Best practices to enforce regulatory compliance with guardrails
TALK TRACK: We’re going to be mentioning a number of topics that are 60-minute discussions in and of themselves (x as code and DevOps; Security …) but what we want to focus on are the particular use cases that our customers are using to deal with their real-world problems. So we want to move from more abstract notions of what it means to have secure and compliant software delivery to how our customers are actually using both AWS and 3rd-party tooling within their own
Key here is partner oriented: there are other talks at re:Invent that will take you through the AWS architecture for DevOps and DevSecOps, but Marketplace is significantly interested in how 3rd-party technologies can be super easily assorted and deployed into customers’ cloud environments.
*Can actually poll audience for a quick survey on what they think DevSecOps is and maybe even some domains/tools it covers.*
TALK TRACK: AWS Marketplace is a curated digital software catalog and simplifies the discovery, purchase, and deployment of third party software. We focus on speed with features like 1-click deployment, flexible pricing terms to provide you with a subscription based, elastic pricing option, and reliability to ensure software solutions in AWS Marketplace are reliable and ready to use on other AWS services.
TALK TRACK: AWS Marketplace provides an extensive selection in software categories like Security, Networking, Storage, Business Intelligence, Database and Analytics, and DevOps with flexible pricing options such as free trial, pay as you go, BYOL, and Seller Private Offers, while having multiple deployment options, helping you to customize software provisioning to fit your security policies, licensing terms, budgetary needs, and more. Helping you to customize and provision software the way you need it.
NOTE TO PRESENTER:
AWS Marketplace provides over 4,200 software solutions from more than 1,400 ISVs and continues to grow and help customers migrate to the cloud. Today, customers are deploying over 570 million hours of EC2 monthly. If you do the math, that’s about 848K hours being deployed just in this hour.
TALK TRACK: The trend and need for a cloud is accelerating. By 2021, it’s expected that 94% of workloads and instances will be processed by cloud data centers vs. traditional data centers, 73% of cloud workloads will be in public cloud, and 75% of cloud workloads will be SaaS. One of the biggest challenges companies run into during this process is finding a way to migrate existing on-premises software applications to the cloud. That’s where AWS Marketplace can help.
TALK TRACK: During this migration process, you’ll find that there are hundreds of software solutions you’ll need to fully migrate over to the cloud (alluding to the 500+). Our data and research shows that most companies are honing in on 30-50 important choices from that selection across 12 categories of software. This stems from needing 2-4 ISVs in each category since most of the time, one ISV will not cover everything you need (alluding to the 50 vendors). And because customers don’t know how much usage they’ll need at this point, they rely on pay as you go pricing terms. As mentioned, this is where AWS Marketplace can help, by providing ISVs with flexible pricing options they can provide to their customers. And of course, everyone relies on the 5 top vendors from the 6 named on this chart. AWS Marketplace manages Microsoft and Oracle offerings, and you can bring SAP, VMWare and IBM or SFDC onto AWS.
TALK TRACK: These are the top 8 categories in which software solutions are most often deployed. AWS Marketplace includes software solutions from key ISVs such as CentOS, Trend Micro, NetApp, Cisco, Adobe, AppDynamics and more. Altogether, there are 35 categories in AWS Marketplace, with multiple deployment types and commerce models.
TALK TRACK: For those that may not be aware – or for those that might need a refresher – AWS employs a shared responsibility model where AWS is responsible for security ‘of the cloud’ and customers are responsible for security ‘in the cloud’.
[Can point to some of the details in the AWS section vs the Customer section]
We strive to make security offerings available to cover the customer’s responsibility through AWS and 3rd-party. Broadridge: And a lot of what we’ll be talking about today is how 3rd-party solutions work with AWS services to help cover the needs of our customers. GDIT: A lot of what we’ll be exploring today is how GDIT utilizes a partner offering to cover their needs around continuous compliance and automated remediation of issues that crop up during their [fill in details]
Take this opportunity to remind the audience that we are really just here to prep you for the important stuff: how our customer thinks about compliance and security and how they see third-party technologies adding value to the services that AWS provides.
TALK TRACK: So before we talk about DevSecOps, it’s probably a good idea to take a look at what we mean by DevOps. It’s now very much a cliché that every company is a software company…and this is as true for ‘born in the cloud’ companies as it is for decades-old institutions that need to keep up with the expectations of their customers.
But just because every company is a software company doesn’t mean that every company provides continuously updated (new, improved) experiences for their customers. But for those that need to – or should – DevOps is the way to do this.
DevOps, for those who don’t know the term, refers to the merging of development and operations teams to ensure that new, innovative features have a better chance of being delivered frequently into operating environments that are capable of deploying those applications. Pre-DevOps, you saw a lot of friction between dev teams that favored speed and ops teams that favored stability. In fact, these were seen as incompatible. DevOps, in simplest terms, ensures that applications can be successfully deployed into production environments by automating the testing of the infrastructure alongside the application code, and fixing problems before getting to the production stage. So in DevOps we are considering both the application code and the infrastructure code as inextricably linked to produce functional application code on top of supportive infrastructure code.
So here we’ve broken down the different software delivery options… the biggest difference between Waterfall and Agile/DevOps is the shift toward a test-driven approach to development, i.e. testing everything all the time.
The key difference between Agile and DevOps: for Agile, once software is developed and released, the agile team doesn't formally care what happens to it. They're on to the next sprint and the next revision of the user story.
DevOps, on the other hand, is all about taking software which is ready for release and deploying it in the safest, most reliable manner possible. DevOps doesn't depend on the software being developed by the agile discipline. It's entirely possible to have waterfall development feeding DevOps
Automation is also a big differentiator
So a huge problem has been addressed between these two teams handling the evolution of software on the one hand and the accessibility of it on the other. You can imagine what happens when we start to think about security and where it belongs.
Look to the audience: Any guesses? Think it’s a good story?
TALK TRACK: So essentially the equation for DevOps looks like this. Note: maybe place automation as an exponent?
Broadridge/GDIT are going to be talking about what automation means to them in their practice.
Typically the big things in automation go something like this, with subtle differences between dev and prod environments:
(Automatically discover what needs to be secured and compliant)
(Automatically detect when something is out of security and compliance policy)
(Automatically remediate what you can).
You can think of automation as spanning the depth and breadth of your IT estate, up the stack and across the business.
Imagine every team has automated how they build and deploy applications, and how they provision, configure and manage the infrastructure they run on.
This is what “always ready to ship” looks like. This is what pervasive/widespread automation delivers.
You may hit a 100 percent, but it’ll back down, go back up, because this is continuous. There’s always something new.
TALK TRACK: How far have we come – or, maybe a better way of stating this – where are we going with automation and things like automated remediation?
How about a bot disguised as a human operator? One that can detect bugs and then write patches to fix them. Now this may be on the far right of the bell curve in terms of automation examples, but…it’s just so cool.
These guys call their bot Repairnator and have successfully tested it by allowing it to compete against human developers to find fixes. “This is a milestone for human-competitiveness in software engineering research on automatic program repair,” they say.
Computer scientists have long known that it is possible to automate the process of writing patches. But it is not clear whether bots can do this work as quickly as humans and to the same quality.
Take a look at this: https://www.theregister.co.uk/2018/10/17/luc_esape_bug_fixer/
Take language from here: https://www.technologyreview.com/s/612336/a-bot-disguised-as-a-human-software-developer-fixes-bugs/
Software writing software….based on ‘intelligent response’.
https://arxiv.org/pdf/1810.05806.pdf
TALK TRACK: Let’s look at the left = delivering the features that are required with corresponding operational integrity. You have entities that have chosen to ’up’ the speed axis and sacrifice stability. Conversely, you can have
Right = delivering code that is secure and compliant. Although you can get security measures baked into compliance standards, it’s important to understand that just because you’re compliant doesn’t necessarily mean you’re secure. And just because you’re secure does not mean you’re compliant. The goal here is to be as secure and as compliant as possible, so that like the figure you have automated processes to ensure both security and compliance in your software development practice.
Security and compliance play different roles, both in your internal and external environments. The right cybersecurity measures protect your information from threats by controlling how that information is used, consumed and provided. Compliance, on the other hand, is a demonstration — a reporting function — of how your security program meets specific security standards as laid out by regulatory organizations.
Key underlying foundation is automation. Automated testing, automated security and compliance checks – many things that fall into the domain of ‘x as code’ – are all the things that make this possible. Removing the human factor to promote greater accuracy and speed is essential for this to work. Broadridge/GDIT will talk more about this and make it much more concrete.
TALK TRACK: So here is the ultimate DevSecOps picture…”All Apologies” (lower left) to “Smells Like Teen Spirit” (upper right).
TALK TRACK: So what are the algorithm for DevSecOps. As I mentioned, DevOps looks to take application code and the Ops team looks to take infrastructure code in order to ‘synergize’ speed and security (I need to find a way to talk about ‘ideate’ next – it can be done!). Those frontiers have been conquered.
TALK TRACK:
GDIT: Tie back into the GDIT/NGA story and what THEY teach us about speed and security. Can use this to talk specifically to what Brad mentioned --- security can take pre-eminence especially when the stakes are national security (versus my bank who risks personal/financial info - bad, but not catastrophic at a nation-state level, like nuclear codes).
Broadridge: There are just some things that you don’t want to automate because the risk can be high (automating mistakes). Sometimes companies will just want to have the information available in order for a human to figure out what to do. Martin will talk more about this - ‘unfettered automation’ is not part of their standard operating procedure.
Broadridge and GDIT will give us the real view of what actually happens…and while things like automated remediation sound great – and there are growing use cases out there for it – you’ll see that people still matter. There are still things that either only humans can do at this point or customers highly prefer that they have a human being doing it.
Let’s go to the chalkboard….arbitrary time values. Automation = testing/detection and remediation. Manual Inspection – can think of this like people getting involved to make sense of findings before a remediation is executed.
Paths A, B, and C come first and are historically typical; they are more closely tied to longer development cycles that neither incorporate optimized DevOps practices nor embed security. (“Same as it ever was” territory). This is like three of your favorite x – come up with witty names/graphics for the various letters.
Path D is the path of cloud-born. They are pushing out updates and feature enhancements and it’s seamless. You – the customer - don’t feel a thing. You’re not getting notifications to update your system. This is what Lyft, Airbnb, Netflix, and yes, Amazon.com are doing.
Path F is what a lot of our customers are aiming for – those that have run traditional apps on prem, are moving to the cloud, and are trying to exploit what they can from cloud functionality while maintaining policies aligning with their corporate needs/values (tolerance for risk, etc., included here).
Show how security and compliance needs to be placed back into the early portions of the dev process and automated to keep up with what developers – and ultimately the businesses themselves – need in order to flourish (and some to survive).
Remediation costs increase in direct proportion to how far downstream they travel.
Key underlying foundation is automation. Automated testing, automated security and compliance checks – many things that fall into the domain of ‘x as code’ – are all the things that make this possible. Removing the human factor to promote greater accuracy and speed is essential for this to work. Broadridge will talk more about this.
IAM for access rights = who gets control
WAF for application security – hardened from dev into production
Logging, etc to get a comprehensive view of security and performance
All of these things are important from a DevSecOps perspective to make sure security and compliance are functioning properly.
TALK TRACK: (high level) But we also need to look at the security that’s being embedded into the application and infrastructure code. We need to get firm control over robustness of the code itself and whether it will ultimately be delivered with low probability of vulnerable components. And it’s better to do this early
Let’s take a closer look at a core piece of DevOps, the CI/CD pipeline. This again is one of those topics we could spend an entire session on, but we’re going to give
Pre-Commit: Comprises security activities before code is checked into version control. Here you have things like threat modeling, static application security testing that will look for potential flaws within your code, and code reviews.
Commit (Continuous Integration): Fast, automated security checks during the build and continuous integration steps. Here you’ll get into things like…x
Acceptance (Continuous Delivery): Automated security acceptance, functional testing, and deep ‘out-of-band’ scanning during continuous delivery. Here you’ll get into things like…x
Deploy/Production (Continuous Deployment): Security checks before, during and after code is deployed into production.
Throughout this process, you’ll want to make sure
DETAILED:
Precommit
These are the steps before and until a change to software or configuration is checked in to the source code repo. Additional security checks and controls to be added here include the following:
- Lightweight, iterative threat modeling and risk assessments
- Static analysis (SAST) checking in the engineer’s IDE
- Peer code reviews (for defensive coding and security vulnerabilities)
Commit Stage (Continuous Integration)
This is automatically triggered by a check in. In this stage, you build and perform basic automated testing of the system. These steps return fast feedback to developers: did this change “break the build”? This stage needs to complete in at most a few minutes. Here are the security checks that you should include in this stage:
- Compile and build checks, ensuring that these steps are clean, and that there are no errors or warnings
- Software Component Analysis in build, identifying risk in third-party components
- Incremental static analysis scanning for bugs and security vulnerabilities
- Alerting on high-risk code changes through static analysis checks or tests
- Automated unit testing of security functions, with code coverage analysis
Acceptance Stage
This stage is triggered by a successful commit. The latest good commit build is picked up and deployed to an acceptance test environment. Automated acceptance (functional, integration, performance, and security) tests are executed. To minimize the time required, these tests are often fanned out to different test servers and executed in parallel. Following a “fail fast” approach, the more expensive and time-consuming tests are left until as late as possible in the test cycle, so that they are only executed if other tests have already passed.
Security controls and tests in this stage include the following:
- Secure, automated configuration management and provisioning of the runtime environment (using tools like Ansible, Chef, Puppet, Salt, and/or Docker). Ensure that the test environment is clean and configured to match production as closely as possible.
- Automatically deploy the latest good build from the binary artifact repository.
- Smoke tests (including security tests) designed to catch mistakes in configuration or deployment.
- Targeted dynamic scanning (DAST).
- Automated functional and integration testing of security features.
- Automated security attacks, using Gauntlt or other security tools.
- Deep static analysis scanning (can be done out of band).
- Fuzzing (of APIs, files). This can be done out of band.
- Manual pen testing (out of band).
Production Deployment and Post-Deployment
If all of the previous steps and tests pass, the change is ready to be deployed to production, pending manual review/approvals and scheduling (in Continuous Delivery) or automatically (in Continuous Deployment). Additional security checks and controls are needed in production deployment and post-deployment:
- Secure, automated configuration management and provisioning of the runtime environment
- Automated deployment and release orchestration (authorized, repeatable, and auditable)
- Production monitoring/feedback
- Runtime defense
- Bug bounties
TALK TRACK: “If you’re a vendor that would like to sell into Marketplace, we would love to talk to you. My whole job centers around providing robust selection for our partners.”
So let’s bring this back to the AWS Marketplace. A lot of the pieces that we need to cover in the pipeline can be found and deployed from the marketplace.
SAST = static application security testing
DAST = dynamic application security testing
SCA = software composition analysis
CVA = container vulnerability analysis
RASP = runtime application self-protection
Stress that Dome9 will be featured in Broadridge talk and Chef will be featured in GDIT
(show line curves here: traditional security/compliance vs continuous/early)
Quality
Bug
Defect in a system or a representation of a system that if executed/activated could potentially result in an error (ISO/IEC 15026-1:2013).
Software Defect
A condition in a software product which does not meet a software requirement (as stated in the requirement specifications) or end-user expectations (which may not be specified but are reasonable). In other words, a defect is an error in coding or logic that causes a program to malfunction or to produce incorrect/unexpected results.
Software Fault
An abnormal condition or defect at the component, equipment, or sub-system level which may lead to a failure (ISO 10303-226).
Security
Software Vulnerability
A mistake in software that can be directly used by a hacker to gain access to a system or network (CVE).
Software Weakness
Flaws, faults, bugs, vulnerabilities, and other errors in software implementation, code, design, or architecture that if left unaddressed could result in systems and networks being vulnerable to attack (CWE).
See Qualys case study: https://vimeo.com/237972697 30 minute mark
TALK TRACK: So this is a It’s all about code. Developers have been doing this for a long time…
Development engineering teams have been writing code since the beginning. Modern operations teams are now writing "infrastructure as code" using tools like Chef, Puppet, and Ansible to create and configure cloud infrastructure, on-premise infrastructure, gold images, and network devices.
Security as code takes this approach a step further by converting manual security and compliance steps into automated, repeatable scripts that can be executed inside a CI pipeline. Security tools are quickly evolving to have APIs and command line interfaces to support "security as code" instead of manually configuring a scanner and pressing a button.
Security as Code is about building security into DevOps tools and practices, making it an essential part of the tool chains and workflows. You do this by mapping out how changes to code and infrastructure are made and finding places to add security checks and tests and gates without introducing unnecessary costs or delays.
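Added example (not part of the original talk notes or of any vendor's tooling): a minimal security-as-code gate of the kind described above, run as a CI step over a parsed CloudFormation-style template before deploy. The template is constructed sample data; the rule IDs, the ADMIN_PORTS list and the function names are assumptions for illustration, and ports are assumed to be literal integers.

```python
# Constructed sample (not from the talk): a parsed CloudFormation-style template.
TEMPLATE = {"Resources": {
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "AdminPolicy": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}},
    "ReadPolicy": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {
        "Statement": {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"}}}},
}}

ADMIN_PORTS = (22, 3389)  # assumption: ports this team never exposes to the internet

def as_list(value):
    # Policy documents allow a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def check_security_group(name, props):
    for rule in props.get("SecurityGroupIngress", []):
        if rule.get("CidrIp") != "0.0.0.0/0":
            continue
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        if str(rule.get("IpProtocol")) == "-1":  # "-1" means all protocols and ports
            lo, hi = 0, 65535
        for port in ADMIN_PORTS:
            if lo <= port <= hi:
                yield (name, "SG-OPEN-ADMIN", f"port {port} open to 0.0.0.0/0")

def check_iam_policy(name, props):
    for stmt in as_list(props.get("PolicyDocument", {}).get("Statement", [])):
        wildcard = "*" in as_list(stmt.get("Action", [])) and "*" in as_list(stmt.get("Resource", []))
        if stmt.get("Effect") == "Allow" and wildcard:
            yield (name, "IAM-WILDCARD", "Allow with Action * on Resource *")

CHECKS = {"AWS::EC2::SecurityGroup": check_security_group,
          "AWS::IAM::Policy": check_iam_policy}

def scan(template):
    findings = []
    for name, resource in template.get("Resources", {}).items():
        check = CHECKS.get(resource.get("Type"))
        if check:
            findings.extend(check(name, resource.get("Properties", {})))
    return findings

def gate(template):
    # Exit status for the CI step: 0 lets the deploy proceed, 1 blocks it.
    return 1 if scan(template) else 0

if __name__ == "__main__":
    for finding in scan(TEMPLATE):
        print(*finding, sep="\t")
    raise SystemExit(gate(TEMPLATE))
```

The non-zero exit status is what turns the check into a gate: the pipeline stops at this step instead of leaving the finding for a later manual review.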
TALK TRACK: A few things that we’ll see from Broadridge: scan the infrastructure code for necessary compliance and security checks before deploying to production.
Complements automated unit and integration testing that are part of the