S U M M I T
SYDNEY
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Castles in Castles
Tom LeGrice
ISV SaaS Lead
Amazon Web Services
The PageUp SaaS journey
Connecting 100 million people to their careers
Timeline (1997, 2000, 2004, 2008, 2012, 2014, 2016, 2018):
• PageUp established
• Graduate recruitment module success
• Iconic Australian brands, all recruitment types
• Global users, 5 continents
• UK operations
• Unified talent management: Recruitment, Onboarding, Contractor, Learning, Performance, Compensation, Succession, Analytics, Marketplace
• Growth equality
• SEA & OS market entry
• PageUp moves into AWS
• Leverages higher order AWS services inc. containers, APIs
• Begins to explore Serverless, AI/ML
Introduction to PageUp
Connect people to great careers
Karthik Padmanabhan
Senior Technical Advisor
PageUp product development - context
Clients Culture Technology
PageUp security
Previous state:
• WAF, network segregation
• AWS GuardDuty
• Anti-malware server protection
Additionally:
• Password salting and hashing
• Encryption in transit and at rest
• Segregation of network traffic
Incident
Containment and remediation
Operational evaluation
Program of work - key highlights
• Isolation of assets
• Continuously improving security
Isolation of assets
Castles within a castle
Enabling continuous improvement
Isolation options
• Security groups and subnets
• VPC
• Multi-account strategy
Multi-account strategy
100+ isolations needed!
• 20+ Domains and capabilities to be isolated
• Across 5 regions
Multi-account strategy - limitations
Awesome! However, how do we:
• Provision and maintain 100+ accounts at scale?
• Continuously improve our security posture across accounts?
CD - Security guardrails as code
Automated security guardrails
• VPC guardrails
• CloudTrail and VPC flow logs
• GuardDuty reporting
• NAT whitelisting
• Prevention of user creation
AWS Account Vending Machine
PageUp Domain Vending Machine
Domains:
  - Name: careers
    OrgUnit: functional
    Cidr: 10.x.x.x
    VpcOption: 3-Tier-3-AZ-Public-Private-Private-VPC
    DomainStackPolicies:
      - Name: careers-https-stack-policy
        PolicyFile: /policies/careers-deploy-policy.json
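Added example (not PageUp's code): a small Python linter for a manifest shaped like the Domain Vending Machine entry above, run before any account is vended so that isolation mistakes fail in review rather than in production. The CIDR ranges, the second domain and the rule set (unique names, valid private non-overlapping CIDRs, at least one stack policy per domain) are assumptions; the manifest is given as already-parsed data so the block runs without a YAML library.

```python
"""Lint a domain manifest shaped like the slide's Domain Vending Machine entry."""
import ipaddress
from itertools import combinations

# Constructed sample. The slide elides the real CIDR (10.x.x.x), so the
# ranges below and the "onboarding" domain are invented for illustration.
MANIFEST = {
    "Domains": [
        {
            "Name": "careers",
            "OrgUnit": "functional",
            "Cidr": "10.10.0.0/20",
            "VpcOption": "3-Tier-3-AZ-Public-Private-Private-VPC",
            "DomainStackPolicies": [
                {"Name": "careers-https-stack-policy",
                 "PolicyFile": "/policies/careers-deploy-policy.json"},
            ],
        },
        {
            "Name": "onboarding",                 # hypothetical second domain
            "OrgUnit": "functional",
            "Cidr": "10.10.8.0/21",               # sits inside the careers range
            "VpcOption": "3-Tier-3-AZ-Public-Private-Private-VPC",
            "DomainStackPolicies": [],            # nothing restricts stack updates
        },
    ]
}

REQUIRED = ("Name", "OrgUnit", "Cidr", "VpcOption", "DomainStackPolicies")


def lint_manifest(manifest):
    """Return a sorted list of (domain, problem) findings; empty means clean."""
    findings = []
    networks = {}
    seen = set()
    for domain in manifest.get("Domains", []):
        name = domain.get("Name", "<unnamed>")
        for key in REQUIRED:
            if key not in domain:
                findings.append((name, f"missing {key}"))
        if name in seen:
            findings.append((name, "duplicate domain name"))
        seen.add(name)

        cidr = domain.get("Cidr")
        if cidr is not None:
            try:
                # strict=True rejects ranges with host bits set (e.g. 10.0.0.1/16)
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                findings.append((name, f"invalid CIDR {cidr!r}"))
            else:
                if not net.is_private:
                    findings.append((name, f"{net} is not private address space"))
                networks[name] = net

        policies = domain.get("DomainStackPolicies") or []
        if not policies:
            findings.append((name, "no stack policy attached"))
        for policy in policies:
            if not policy.get("Name") or not policy.get("PolicyFile"):
                findings.append((name, "stack policy needs Name and PolicyFile"))

    # Overlapping ranges make flow-log attribution ambiguous and block any
    # later routing between the isolated VPCs, so flag every overlapping pair.
    for (a, net_a), (b, net_b) in combinations(sorted(networks.items()), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            findings.append((a, f"{net_a} overlaps {b} ({net_b})"))
    return sorted(findings)


if __name__ == "__main__":
    for domain, problem in lint_manifest(MANIFEST):
        print(f"{domain}: {problem}")
```

Run in the pipeline that deploys the manifest, a non-empty result would fail the build before a new account or VPC is created.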
PageUp Landing Zone - Learnings
Advantages
• Scale and continuous delivery
• Infrastructure as Code
• Security guardrails as code
• Codifying architectural decisions
Challenges
• Complex machine
• Upgrade path
“Cyber attacks: It’s not a matter of if but when.”
Matthew Clarke
Insurance & Risk Professional Magazine, June/July 2014
What has changed since?
automation services
The Future
• Launch of PageUp Express
• Visionary by Gartner for Talent Management in 2018
• JB-HIFI & The Good Guys as new customers
Thank you!
Karthik Padmanabhan
@humblelistener

Castles in Castles - Secure Operational Scale - AWS Summit Sydney
