Proprietary + Confidential
#NABShow
Securing Content in the Cloud
Adrian Graham
Cloud Solutions Architect
March 20, 2017
Why security?
Overview
On-premises infrastructure
Cloud infrastructure
Connecting to cloud
Hybrid infrastructure
Secure all the things!
Further reading
On-premises infrastructure
[Diagram, built up across several slides: Local Workstations; File Server; License Server; Render Farm Nodes (Render Workers); Queue Manager; Asset Mgmt.]
Cloud infrastructure
[Diagram, built up across several slides: Rendering VMs (Compute Engine); Assets (Cloud Storage); NFS File Server; Read-through Cache; Cloud-based License Server; Users (Cloud IAM); Stackdriver Logging. Labelled flows: Data ingress; Data ingress/egress; On-prem licenses; LDAP sync.]
Connecting to cloud
[Diagram, built up across several slides: on-premise infrastructure (Render Farm Nodes, Render Workers) connected through a VPN Gateway to Cloud VPN, then Cloud Router, with Cloud Interconnect added in the last step.]
Hybrid infrastructure
(better put on your glasses for this next slide…)
[Diagram, built up across three slides.
On-premise infrastructure: Asset Mgmt dB; Render Farm Nodes; File Server; Local Workstations; Queue Manager; Physical Cache; License Server; Users & Admins; VPN Gateway.
Links: Cloud Interconnect; Cloud VPN; Cloud Router; Cloud Directory Sync; Accelerated UDP Transfer; APIs: gcloud, gsutil, ssh, rsync, etc.
Cloud: Read-through Cache; Rendering VMs (Compute Engine); Assets (Cloud Storage); Users (Cloud IAM); NFS File Server; Cloud-based License Server; Stackdriver Logging; Users & Admins.
Legend: Project data I/O; License requests; Queue Manager dispatching; Project database communication.]
How do we secure all the things?
Cloud Platform resource hierarchy
Projects and access
Granting access: Manage your organization's identities with G Suite. Implement Google Cloud Directory Sync.
gcloud SDK, Compute Engine API: Authentication is performed by the SDK itself. Credentials are picked up by the API client libraries.
Automating security checks: Implement Forseti Security to run periodic checks for policy compliance. https://github.com/GoogleCloudPlatform/forseti-security
Controlling user access
Cloud IAM: Create and manage permissions at multiple levels.
Service accounts: Access Google services and resources programmatically.
Access scopes: Set permissions at the resource level.
Identity & Access Management
Who (principal): User; Service Accounts; Group; Domain
Can do what: Roles: collection of permissions; Authorization Tokens
On which resource: Project; VM, bucket…; Resource folder
Cloud IAM unifies access control under a single system.
Create and manage permissions at the organization, project and resource levels.
Encryption key management
Cloud storage: All data is encrypted at rest using either AES128 or AES256 encryption. Data is always encrypted before it's written to disk.
Cloud KMS: Store encryption keys centrally in the cloud, for use by cloud services. Let Google manage your keys, or manage keys yourself.
Network security
Networks and subnetworks: Isolate resources on separate networks to add an extra level of security. Subnetworks are created automatically, one for each compute zone.
Firewall rules: Rules apply to the entire network. To allow incoming traffic, you must create 'allow' firewall rules.
External IP addresses: Ability to disable the assignment of an external IP on instance creation. The instance will then only be visible over VPN, or from within the network.
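The following is an added example, not part of the original slides: a small audit that cross-checks the two controls above, listing every instance that still has an external IP together with any 'allow' ingress rule open to all source addresses that covers it. The instance, rule and project names are constructed sample data; the field names follow the JSON printed by `gcloud compute instances list --format=json` and `gcloud compute firewall-rules list --format=json`.

```python
import ipaddress

# Constructed sample data (not from the talk), trimmed to the fields used below.
NET = "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/render-net"

INSTANCES = [
    {"name": "render-001", "tags": {"items": ["render"]},
     "networkInterfaces": [{"network": NET, "networkIP": "10.128.0.2"}]},
    {"name": "render-002", "tags": {"items": ["render"]},
     "networkInterfaces": [{"network": NET, "networkIP": "10.128.0.3",
                            "accessConfigs": [{"type": "ONE_TO_ONE_NAT",
                                               "natIP": "203.0.113.10"}]}]},
    {"name": "nfs-01", "tags": {"items": ["storage"]},
     "networkInterfaces": [{"network": NET, "networkIP": "10.128.0.4",
                            "accessConfigs": [{"type": "ONE_TO_ONE_NAT",
                                               "natIP": "203.0.113.11"}]}]},
]

FIREWALLS = [
    {"name": "allow-internal", "network": NET, "direction": "INGRESS",
     "sourceRanges": ["10.128.0.0/9"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-ssh-anywhere", "network": NET, "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["render"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-nfs-from-onprem", "network": NET, "direction": "INGRESS",
     "sourceRanges": ["192.168.0.0/16"], "targetTags": ["storage"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["2049"]}]},
]


def network_name(url):
    """Short network name from the resource URL that gcloud prints."""
    return url.rsplit("/", 1)[-1]


def external_ips(instance):
    """(network, natIP) for every access config; an access config is what
    attaches an external address to a network interface."""
    found = []
    for nic in instance.get("networkInterfaces", []):
        for access in nic.get("accessConfigs", []):
            found.append((network_name(nic["network"]), access.get("natIP")))
    return found


def is_open_ingress(rule):
    """True for an enabled 'allow' ingress rule whose sources include a /0 range."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return False
    if not rule.get("allowed"):
        return False
    return any(ipaddress.ip_network(r, strict=False).prefixlen == 0
               for r in rule.get("sourceRanges", []))


def rule_applies(rule, instance):
    """A rule with no target covers every instance on its network."""
    tags = set(rule.get("targetTags", []))
    accounts = set(rule.get("targetServiceAccounts", []))
    if not tags and not accounts:
        return True
    inst_tags = set(instance.get("tags", {}).get("items", []))
    inst_accounts = {sa["email"] for sa in instance.get("serviceAccounts", [])}
    return bool(tags & inst_tags or accounts & inst_accounts)


def audit(instances, firewalls):
    """One finding per external IP, with the open ingress rules that cover it."""
    open_rules = [r for r in firewalls if is_open_ingress(r)]
    report = []
    for inst in instances:
        for net, ip in external_ips(inst):
            hits = sorted(r["name"] for r in open_rules
                          if network_name(r["network"]) == net
                          and rule_applies(r, inst))
            report.append({"instance": inst["name"], "network": net,
                           "external_ip": ip, "open_rules": hits})
    return report


if __name__ == "__main__":
    for finding in audit(INSTANCES, FIREWALLS):
        print(finding)
```

An instance reported with an empty `open_rules` list still carries an external IP it may not need; one reported with rules listed is reachable from any source address on the ports those rules allow.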
Disk images
Public: Compute Engine offers many preconfigured public images. Each OS image has been configured to work closely with Google Cloud Platform services and resources.
Custom: Use your own custom image, but ensure you comply with security best practices.
Connectivity
Google Cloud VPN: Regardless of how you're connected to Google, you must secure your connection with a Virtual Private Network (VPN).
Direct peering: Connect directly to a Google PoP. This is typically the fastest option.
Cloud interconnect: Connect to Google using a service provider.
File systems
Object-based: Encrypted, localized, available worldwide. Pipeline implications, however.
POSIX-compliant: Known as Persistent Disk (PD) on GCP. The security features of object-based storage, available as an NFS server.
Other filesystems: Clustered or caching filesystems are also available, however they are not under the management of IAM or other Google security mechanisms.
Encryption
Storage security: Security features are consistent across storage classes. By default, Google manages encryption keys.
When is data encrypted? Both at rest and in-transit. If using VPN (which you should), data is encrypted before leaving on-prem.
Transferring data
SDK and API: gsutil, gcloud, rsync, ssh can be used, but we recommend gsutil for anything less than 10Gb in size.
UDP-based: Aspera, Tervela Cloud FastPath, BitSpeed Velocity or FDT are all options, however they're all third-party services and are not managed by Google.
Logging
Stackdriver: Can be used as a secure logging server for a variety of pipelines. Able to ingest thousands of concurrent log streams.
Audit logging: Monitor project-based admin activity.
Other considerations
Queue management: Use the gcloud command to communicate with Google Cloud, rather than via ssh. Consider running your queue system entirely on Google Cloud Platform.
Custom software: There are a number of client libraries available for use by third-party software API. Each library provides methods for OAuth2.0 authorization.
Licensing: Use your own on-prem license server across a VPN. Running a license server in the cloud.
Further reading
Best Practices for Enterprise Organizations
Google Infrastructure Security Design Overview
Encryption at Rest in Google Cloud Platform
Securely Connecting to VM Instances
Google Security Whitepaper
Using IAM Securely
Configuring Imported Images
Questions?
THANK YOU

Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...
ETCenter
 
Looking beyond the script
Looking beyond the scriptLooking beyond the script
Looking beyond the script
ETCenter
 
Cloud Apps for Media Processing: IMF Packaging-on-Demand
Cloud Apps for Media Processing: IMF Packaging-on-DemandCloud Apps for Media Processing: IMF Packaging-on-Demand
Cloud Apps for Media Processing: IMF Packaging-on-Demand
ETCenter
 
IP for Sports broadcast
IP for Sports broadcast IP for Sports broadcast
IP for Sports broadcast
ETCenter
 
The distributive aspect of cloud on the digital world
The distributive aspect of cloud on the digital worldThe distributive aspect of cloud on the digital world
The distributive aspect of cloud on the digital world
ETCenter
 
Hacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsHacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assets
ETCenter
 
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAINBLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
ETCenter
 
Graymeta C4 use case, Deduplication
Graymeta C4 use case, DeduplicationGraymeta C4 use case, Deduplication
Graymeta C4 use case, Deduplication
ETCenter
 
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC  WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
ETCenter
 
Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC
Object storage is awesome..  ETC "Project Cloud" QTR meeting @ Disney/ABC Object storage is awesome..  ETC "Project Cloud" QTR meeting @ Disney/ABC
Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC
ETCenter
 
Federated identity, Project Cloud QTR meeting @ Disney/ABC
Federated identity, Project Cloud QTR meeting @ Disney/ABC Federated identity, Project Cloud QTR meeting @ Disney/ABC
Federated identity, Project Cloud QTR meeting @ Disney/ABC
ETCenter
 
Security + Cloud: What studios and vendors need to consider when adopting clo...
Security + Cloud: What studios and vendors need to consider when adopting clo...Security + Cloud: What studios and vendors need to consider when adopting clo...
Security + Cloud: What studios and vendors need to consider when adopting clo...
ETCenter
 
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC
"The Suitcase"  Project Cloud QTR meeting presentation @ Disney/ABC"The Suitcase"  Project Cloud QTR meeting presentation @ Disney/ABC
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC
ETCenter
 
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
ETCenter
 
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USCBig Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
ETCenter
 
An Introduction to Data Gravity by John Tkaczewski of FileCatalyst
An Introduction to Data Gravity by John Tkaczewski of FileCatalystAn Introduction to Data Gravity by John Tkaczewski of FileCatalyst
An Introduction to Data Gravity by John Tkaczewski of FileCatalyst
ETCenter
 
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
ETCenter
 
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
ETCenter
 
Day 3 Conference Welcome by Erik Weaver
Day 3 Conference Welcome by Erik WeaverDay 3 Conference Welcome by Erik Weaver
Day 3 Conference Welcome by Erik Weaver
ETCenter
 

More from ETCenter (20)

How broadcasters can get in the VR game with sports
How broadcasters can get in the VR game with sportsHow broadcasters can get in the VR game with sports
How broadcasters can get in the VR game with sports
 
Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...
Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...
Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...
 
Looking beyond the script
Looking beyond the scriptLooking beyond the script
Looking beyond the script
 
Cloud Apps for Media Processing: IMF Packaging-on-Demand
Cloud Apps for Media Processing: IMF Packaging-on-DemandCloud Apps for Media Processing: IMF Packaging-on-Demand
Cloud Apps for Media Processing: IMF Packaging-on-Demand
 
IP for Sports broadcast
IP for Sports broadcast IP for Sports broadcast
IP for Sports broadcast
 
The distributive aspect of cloud on the digital world
The distributive aspect of cloud on the digital worldThe distributive aspect of cloud on the digital world
The distributive aspect of cloud on the digital world
 
Hacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsHacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assets
 
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAINBLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
 
Graymeta C4 use case, Deduplication
Graymeta C4 use case, DeduplicationGraymeta C4 use case, Deduplication
Graymeta C4 use case, Deduplication
 
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC  WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
 
Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC
Object storage is awesome..  ETC "Project Cloud" QTR meeting @ Disney/ABC Object storage is awesome..  ETC "Project Cloud" QTR meeting @ Disney/ABC
Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC
 
Federated identity, Project Cloud QTR meeting @ Disney/ABC
Federated identity, Project Cloud QTR meeting @ Disney/ABC Federated identity, Project Cloud QTR meeting @ Disney/ABC
Federated identity, Project Cloud QTR meeting @ Disney/ABC
 
Security + Cloud: What studios and vendors need to consider when adopting clo...
Security + Cloud: What studios and vendors need to consider when adopting clo...Security + Cloud: What studios and vendors need to consider when adopting clo...
Security + Cloud: What studios and vendors need to consider when adopting clo...
 
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC
"The Suitcase"  Project Cloud QTR meeting presentation @ Disney/ABC"The Suitcase"  Project Cloud QTR meeting presentation @ Disney/ABC
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC
 
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
 
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USCBig Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
 
An Introduction to Data Gravity by John Tkaczewski of FileCatalyst
An Introduction to Data Gravity by John Tkaczewski of FileCatalystAn Introduction to Data Gravity by John Tkaczewski of FileCatalyst
An Introduction to Data Gravity by John Tkaczewski of FileCatalyst
 
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
 
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
 
Day 3 Conference Welcome by Erik Weaver
Day 3 Conference Welcome by Erik WeaverDay 3 Conference Welcome by Erik Weaver
Day 3 Conference Welcome by Erik Weaver
 

Recently uploaded

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
Jen Stirrup
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 

Recently uploaded (20)

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 

Securing Content in the Cloud

  • 1. Proprietary + Confidential #NABShow Securing Content in the Cloud Adrian Graham Cloud Solutions Architect March 20, 2017
  • 2. Why security?
  • 3. Overview: On-premises infrastructure; Cloud infrastructure; Connecting to cloud; Hybrid infrastructure; Secure all the things!; Further reading
  • 4. On-premises infrastructure
  • 5. On-premise infrastructure (diagram): Render Farm Nodes; Local Workstations
  • 6. On-premise infrastructure (diagram): Render Farm Nodes; File Server; Local Workstations
  • 7. On-premise infrastructure (diagram): Render Farm Nodes; File Server; Local Workstations; License Server
  • 8. On-premise infrastructure (diagram): Render Farm Nodes; File Server; Local Workstations; License Server; Render Workers (×3)
  • 9. On-premise infrastructure (diagram): Render Farm Nodes; File Server; Local Workstations; Queue Manager; License Server; Render Workers (×3)
  • 10. On-premise infrastructure (diagram): Asset Mgmt; Render Farm Nodes; File Server; Local Workstations; Queue Manager; License Server; Render Workers (×3)
  • 11. Cloud infrastructure
  • 12. Cloud infrastructure (diagram): Rendering VMs Compute Engine; Data ingress/egress
  • 13. Cloud infrastructure (diagram): Rendering VMs Compute Engine; Assets Cloud Storage; Data ingress; Data ingress/egress
  • 14. Cloud infrastructure (diagram): Rendering VMs Compute Engine; Assets Cloud Storage; NFS File Server; Data ingress; Data ingress/egress
  • 15. Cloud infrastructure (diagram): Rendering VMs Compute Engine; Assets Cloud Storage; Read-through Cache; NFS File Server; Data ingress; Data ingress/egress
  • 16. Cloud infrastructure (diagram): Rendering VMs Compute Engine; Assets Cloud Storage; NFS File Server; Cloud-based License Server; Data ingress; Data ingress/egress; On-prem licenses; Read-through Cache
  • 17. Cloud infrastructure (diagram): Rendering VMs Compute Engine; Assets Cloud Storage; Read-through Cache; Users Cloud IAM; NFS File Server; Cloud-based License Server; Data ingress; Data ingress/egress; On-prem licenses; LDAP sync
  • 18. Cloud infrastructure (diagram): Rendering VMs Compute Engine; Assets Cloud Storage; Read-through Cache; Users Cloud IAM; NFS File Server; Cloud-based License Server; Stackdriver Logging; Data ingress; Data ingress/egress; On-prem licenses; LDAP sync
  • 19. Connecting to cloud
  • 20. Connecting to cloud (diagram): Render Farm Nodes; Render Workers (×2); On-premise infrastructure
  • 21. Connecting to cloud (diagram): Render Farm Nodes; Render Workers (×2); On-premise infrastructure; Cloud VPN; VPN Gateway
  • 22. Connecting to cloud (diagram): Render Farm Nodes; Render Workers (×2); On-premise infrastructure; Cloud VPN; VPN Gateway; Cloud Router
  • 23. Connecting to cloud (diagram): Render Farm Nodes; Render Workers (×2); On-premise infrastructure; Cloud Interconnect; Cloud VPN; VPN Gateway; Cloud Router
  • 24. Hybrid infrastructure (better put on your glasses for this next slide…)
  • 25. Hybrid infrastructure (diagram): On-premise infrastructure; Asset Mgmt dB; Render Farm Nodes; File Server; Local Workstations; Queue Manager; Physical Cache; License Server; Cloud Interconnect; Cloud VPN; Read-through Cache; Rendering VMs Compute Engine; Assets Cloud Storage; Users Cloud IAM; NFS File Server; VPN Gateway; Cloud Router; Cloud-based License Server; Stackdriver Logging
  • 26. Hybrid infrastructure (diagram): On-premise infrastructure; Asset Mgmt dB; Render Farm Nodes; File Server; Local Workstations; Queue Manager; Physical Cache; License Server; Cloud Interconnect; Cloud VPN; Read-through Cache; Rendering VMs Compute Engine; Assets Cloud Storage; Users Cloud IAM; NFS File Server; Users & Admins (×2); Cloud Directory Sync; VPN Gateway; Cloud Router; Cloud-based License Server; Stackdriver Logging
  • 27. Hybrid infrastructure (diagram): On-premise infrastructure; Asset Mgmt dB; Render Farm Nodes; APIs: gcloud, gsutil, ssh, rsync, etc; File Server; Local Workstations; Queue Manager; Physical Cache; License Server; Accelerated UDP Transfer; Cloud Interconnect; Cloud VPN; Read-through Cache; Rendering VMs Compute Engine; Assets Cloud Storage; Users Cloud IAM; NFS File Server; Users & Admins (×2); Cloud Directory Sync; Project data I/O; License requests; Queue Manager dispatching; Project database communication; VPN Gateway; Cloud Router; Cloud-based License Server; Stackdriver Logging
  • 28. How do we secure all the things?
  • 29. Cloud Platform resource hierarchy
  • 30. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Projects and access Granting access Manage your organization's identities with G Suite. Implement Google Cloud Directory Sync. gcloud SDK, Compute Engine API Authentication is performed by the SDK itself. Credentials are picked up by the API client libraries. Automating security checks Implement Forseti Security to run periodic checks for policy compliance. https://github.com/GoogleCloudPlatform/forseti-security Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 31. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Controlling user access Cloud IAM Create and manage permissions at multiple levels. Service accounts Access Google services and resources programmatically. Access scopes Set permissions at the resource level. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 32. Proprietary + Confidential #NABShow Identity & Access Management Who (principal) User Service Accounts Group Domain Can do what Roles: collection of permissions Authorization Tokens On which resource Project VM, bucket… Resource folder Cloud IAM unifies access control under a single system. Create and manage permissions at the organization, project and resource levels. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 33. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Encryption key management Cloud storage All data is encrypted at rest using either AES128 or AES256 encryption. Data is always encrypted before it's written to disk. Cloud KMS Store encryption keys centrally in the cloud, for use by cloud services. Let Google manage your keys, or manage keys yourself. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 34. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Network security Networks and subnetworks Isolate resources on separate networks to add an extra level of security. Subnetworks are created automatically, one for each compute zone. Firewall rules Rules apply to the entire network. To allow incoming traffic, you must create 'allow' firewall rules. External IP addresses Ability to disable the assignment of an external IP on instance creation. The instance will then only be visible over VPN, or from within the network. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 35. Disk images
      • Public: Compute Engine offers many preconfigured public images. Each OS image has been configured to work closely with Google Cloud Platform services and resources.
      • Custom: Use your own custom image, but ensure you comply with security best practices.
  • 36. Connectivity
      • Google Cloud VPN: Regardless of how you're connected to Google, you must secure your connection with a Virtual Private Network (VPN).
      • Direct peering: Connect directly to a Google PoP. This is typically the fastest option.
      • Cloud interconnect: Connect to Google using a service provider.
  • 37. File systems
      • Object-based: Encrypted, localized, available worldwide. Pipeline implications, however.
      • POSIX-compliant: Known as Persistent Disk (PD) on GCP. The security features of object-based storage, available as an NFS server.
      • Other filesystems: Clustered or caching filesystems are also available, however they are not under the management of IAM or other Google security mechanisms.
  • 38. Encryption
      • Storage security: Security features are consistent across storage classes. By default, Google manages encryption keys.
      • When is data encrypted? Both at rest and in-transit. If using VPN (which you should), data is encrypted before leaving on-prem.
  • 39. Transferring data
      • SDK and API: gsutil, gcloud, rsync, ssh can be used, but we recommend gsutil for anything less than 10Gb in size.
      • UDP-based: Aspera, Tervela Cloud FastPath, BitSpeed Velocity or FDT are all options, however they're all third-party services and are not managed by Google.
  • 40. Logging
      • Stackdriver: Can be used as a secure logging server for a variety of pipelines. Able to ingest thousands of concurrent log streams.
      • Audit logging: Monitor project-based admin activity.
  • 41. Other considerations
      • Queue management: Use the gcloud command to communicate with Google Cloud, rather than via ssh. Consider running your queue system entirely on Google Cloud Platform.
      • Custom software: There are a number of client libraries available for use by third-party software API. Each library provides methods for OAuth2.0 authorization.
      • Licensing: Use your own on-prem license server across a VPN. Running a license server in the cloud.
  • 42. Further reading
      • Best Practices for Enterprise Organizations
      • Google Infrastructure Security Design Overview
      • Encryption at Rest in Google Cloud Platform
      • Securely Connecting to VM Instances
      • Google Security Whitepaper
      • Using IAM Securely
      • Configuring Imported Images
  • 43. Questions?