© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Unleash Team Productivity with Real-time Operations
Dave Cliffe
Head of Strategy – New Use Cases
@cliffehangers
DEV203-S
Shannon Lietz
Director & Leader, DevSecOps
@devsecops
Raise your hand if you’re on-call right now!
AGENDA
• Operational Models – a Journey to Real-time Operations
• Real-time Operations includes DevSecOps
• Best Practices for DevSecOps
• Demo: Real-time Operations with AWS+PagerDuty
• Q & Eh?
Source: https://imgur.com/gallery/HciYhJe
Somewhere in 2013 … Well actually, not somewhere – specifically at AWS re:Invent 2013 …
“Giving developers operational responsibilities has greatly enhanced the quality of the services, both from a customer and a technology point of view.”
- ???, 2005
“This brings developers into contact with the day-to-day operation of their software. It also brings them into day-to-day contact with the customer. This customer feedback loop is essential for improving the quality of the service.”
- ???, 2005
“… you build it, you run it.”
- Werner Vogels, CTO, Amazon, 2005
Seattle 2009: Somewhere at Amazon
In the beginning…
Signal-to-Action from 300+ integrations – especially AWS
[Figure: DevOps, ITOps, Security, Industrial, BizOps and Support all feeding Real-Time Operations]
Drive Real-Time Operations: Harness Digital Signals, Enable Human Response
What is Digital Operations?
“Digital operations are becoming life changing and disruptive. We are moving beyond the dysfunctional ways of behaving, and into new paradigms for operations.”
- Charlie Betz, Forrester
TRADITIONAL -> MODERN
Queued -> Real-time
Siloed -> Collaborative
Manual -> Automated
Reactive -> Proactive
Static -> Learning
What if I told you … it requires more than just developers and operations?
[Figure: Shannon Lietz’s (@devsecops) personal journey line, titled “My pseudo journey line... How I spend my days... What makes me human...”: milestones labelled DEV, SEC, OPS, DSO and RGD across the years 1984, 1989, 1996, 2001 and 2011, plus “sugar plum fairies” and “comics”]
[Figure: you, your customer and the CISO, with two speech bubbles: “Why does it take so long for features?” and “Hopefully it’s not going to be another round of ‘No’s’…”]
Source: Sonatype, 2018 DevSecOps Community Survey
[Figure: security science pipeline with components labelled AWS accounts, security tools & data, threat intel, ingestion, security science and insights]
What is DevSecOps?
IS
• A Mindset and Holistic Approach
• A Collection of Processes & Tools
• A Means of Building Security and Compliance into Software
• A Community-Driven Effort
• A Strategy Driven by Learning and Experiments
IS NOT
• A One-Size-Fits-All Approach
• A Single Tool or Method
• Just a means of adding Security into Continuous Delivery
• Invented by Vendors
• A Strategy Driven by Perfection and Compliance
DevSecOps is the practice of developing safer software sooner by involving all needed parties in the creative process and practicing continuous improvement from high fidelity actionable feedback with context.
Shares concepts with Rugged Software, Rugged DevOps, SecDevOps, DevOpsSec, DevOps
How do I get started?
[Figure: journey from “Start Here?” (DevOps + Security) to DevOps + DevSecOps, with four experiments along the way]
• Security as Code? Experiment: Automate Policy Governance
• Security Operations? Experiment: Detection via Security Operations
• Compliance Operations? Experiment: Compliance via DevSecOps toolkit
• Science? Experiment: Science via Profiling
Is it like a Supply Chain?
• Gating processes are not Deming-like
• Security is a design constraint
• Decisions made by engineering teams
• Hard to avoid business catastrophes by applying one-size-fits-all strategies
• Security defects are more like a security “recall”
[Figure: design -> build -> deploy -> operate pipeline, with the typical gates for security checks & balances marked, and the questions asked along the way: “What component is secure enough?”, “How do I secure secrets for the app?”, “Is my app getting attacked? How?”, “How do I secure my app?”]
Most costly mistakes happen during design. Mistakes and drift often happen after the design and build phases, resulting in weaknesses and potentially exploits.
Faster security feedback loop
Can you provide an example of a difference?
FINDING -> FEEDBACK TIME
API KEY EXPOSURE -> 8 HRS
DEFAULT CONFIGS -> 24 HRS
SECURITY GROUPS -> 24 HRS
ESCALATION OF PRIVS -> 5 DAYS
KNOWN VULN -> 8 HRS
How do we change the game?
Security Workflow and Pipeline: Actionable Security Features and Defects
[Figure: funnel from billions of events down to millions, thousands, hundreds, and finally defects]
Inputs: Security Researchers, Red Team, Pen Test, Gauntlt, Nessus, Nexpose, NMAP, Maltego, Qualys, Threat Intel, Bug Bounty, Logs & Events, IOCs
Stages: Security Science (TB per day) -> Correlation -> Case Management -> Developer Backlog
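The funnel above (raw signals in, actionable defects out) and the feedback-loop table before it, as an added Python example that is not part of the deck and not PagerDuty’s or AWS’s code: signals from several tools are correlated per finding class and resource, tagged with the slide’s target feedback time, and shaped into a PagerDuty Events API v2 trigger event. The event shape is the public Events API v2 format; the tool names, resource ids, sample signals and the severity mapping are assumptions constructed for the example.

```python
"""Signal-to-action triage for a DevSecOps pipeline (constructed example)."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Target feedback time per finding class, from the "faster security
# feedback loop" slide (8 HRS / 24 HRS / 24 HRS / 5 D / 8 HRS).
TARGET_FIX = {
    "api_key_exposure": timedelta(hours=8),
    "default_config": timedelta(hours=24),
    "security_group": timedelta(hours=24),
    "privilege_escalation": timedelta(days=5),
    "known_vuln": timedelta(hours=8),
}

# Severity tiers accepted by PagerDuty Events API v2 (critical/error/warning/info);
# which class maps to which tier is an assumption for this example.
SEVERITY = {
    "api_key_exposure": "critical",
    "privilege_escalation": "critical",
    "known_vuln": "error",
    "security_group": "warning",
    "default_config": "warning",
}


@dataclass
class Signal:
    source: str          # reporting tool; names below are assumed, not real integrations
    finding_class: str   # one of TARGET_FIX's keys
    resource: str        # affected asset (constructed ids)
    detail: str
    seen_at: datetime


def dedup_key(sig: Signal) -> str:
    """Same class on the same resource collapses into one case, whichever tool
    reported it. The key is stable across re-detections, so a later 'resolve'
    event with the same dedup_key closes the same PagerDuty alert."""
    raw = f"{sig.finding_class}|{sig.resource}".encode()
    return hashlib.sha256(raw).hexdigest()[:32]


def correlate(signals: List[Signal]) -> Dict[str, List[Signal]]:
    """Correlation stage of the funnel: many raw events in, one bucket per actionable case out."""
    cases = {}  # type: Dict[str, List[Signal]]
    for sig in signals:
        if sig.finding_class not in TARGET_FIX:
            continue  # unknown class: leave for manual triage rather than paging anyone
        cases.setdefault(dedup_key(sig), []).append(sig)
    return cases


def to_pd_event(key: str, sigs: List[Signal], routing_key: str) -> dict:
    """Build one Events API v2 'trigger' event for a correlated case."""
    first = min(sigs, key=lambda s: s.seen_at)
    cls = first.finding_class
    due = first.seen_at + TARGET_FIX[cls]  # clock starts at first detection
    return {
        "routing_key": routing_key,
        "event_action": "trigger",
        "dedup_key": key,
        "payload": {
            "summary": f"{cls} on {first.resource} ({len(sigs)} signal(s))",
            "source": ",".join(sorted({s.source for s in sigs})),
            "severity": SEVERITY[cls],
            "timestamp": first.seen_at.isoformat(),
            "class": cls,
            "custom_details": {
                "target_fix_by": due.isoformat(),
                "details": [s.detail for s in sigs],
            },
        },
    }


def triage(signals: List[Signal], routing_key: str = "ROUTING_KEY_PLACEHOLDER") -> List[dict]:
    """Run the funnel end to end and return the events ready to POST to /v2/enqueue."""
    return [to_pd_event(k, v, routing_key) for k, v in correlate(signals).items()]


# Constructed sample signals (not real findings): two tools report the same
# exposed key, one scanner reports a vulnerability, one config check reports an
# open security group, and one signal has a class the pipeline does not know.
T0 = datetime(2018, 11, 27, 9, 0, tzinfo=timezone.utc)
SAMPLE = [
    Signal("secret-scanner", "api_key_exposure", "repo:example/app", "access key committed in config.yml", T0),
    Signal("guardduty", "api_key_exposure", "repo:example/app", "key used from unfamiliar location", T0 + timedelta(minutes=20)),
    Signal("nessus", "known_vuln", "i-0example", "outdated TLS library", T0),
    Signal("config", "security_group", "sg-0example", "0.0.0.0/0 allowed on 22/tcp", T0),
    Signal("custom", "unknown_class", "x", "not a known finding class", T0),
]

if __name__ == "__main__":
    for event in triage(SAMPLE):
        print(event["payload"]["summary"], "->", event["payload"]["custom_details"]["target_fix_by"])
```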
Is There A Playbook?
Operating Model
• Determine defect and feature flows for Security to funnel to distributed teams
• Inventory work processes, guidelines, policies, experiments, data and tools
• Identify groups, roles and skills required to support processes
• Identify friction and measure speed of MTTR
• Identify types of decisions
• Identify metrics for measuring experiments and adapting processes
Processes
• Implement Code & Infrastructure Guidelines
• Implement Rules Engineering Processes
• Implement Security Defect Reporting
• Implement Consulting and Requests Process
• Implement Infrastructure Templates
• Implement Red Team & SOC Processes
• Implement Manual Staging Processes
• Implement a Decisions Process
• Implement an Escalation Process with clear stakeholders
Tooling
• All systems should be run with API inspection available via a Security Fabric. (Systems without inspection require manual intervention.)
• Implement Security Portal for feedback consolidation across security processes
• Implement Case Management for Requests, Defects, and Incidents
• Implement Testing framework
• Implement Correlation engine
• Implement foundational security controls
• Integrate with core organizational systems
Outcomes
• Identified opportunities to develop capacity without increasing risk to too high a level
• Inventory provides information for Decisions board to help with risk decisions
• Decisions board with clear escalation path by type of decision
• Ability to Communicate and Train on initial processes
• Consistent Ins/Outs of Dynamic Work with standard templates
• SDE helps with reducing manual efforts
• Ability to build up capacity for Stage Two
Expected Issues: Communication changes, adaptation of skills, decisions processes, expectations, audits and risk guidelines mismatch
n number of experiments to refine processes and automate where possible
What’s it like to have DevSecOps fully functioning?
[Figure: components labelled Data, Security, Insights, Developer Security, Incident Response and Anomaly]
Why PagerDuty?
TRADITIONAL -> MODERN
Queued -> Real-time
Siloed -> Collaborative
Manual -> Automated
Reactive -> Proactive
Static -> Learning
Use your AWS adoption as an opportunity to redefine your operational model
Disclaimer:
Eyes wide open
Meet David – a software developer
“I Build It, I Run It!”
[Figure: David’s workload, labelled Planned, Unplanned, Revenue-Generating and Yak-shaving: Features, Tests, Automation, Operability Improvements, Bugs, Incidents, Alerts, Postmortems]
How PagerDuty supports DevSecOps
Self-service Platform / Expertise on-demand: tooling that provides guardrails, metrics, and frictionless escalation when help is needed
• Build Common Ground: align terminology, visibility, and response process for security and development
• Drive Security Hygiene: tighten feedback loops from your security-integrated CI/CD pipeline & hand-offs to ITSM / chat
• Share Security Accountability: make security everyone’s job through rich context and flexible routing
Real-time Operations: PagerDuty + AWS
DEMO
How we work is changing
[Figure: ITOps, Industrial Ops, Customer Support, DevOps, Business Ops, SecOps and Analytics on a shared platform for Modern Incident Response]
PagerDuty – Platform for Real-time Operations
Enterprise Class Platform: EXTENSIBLE | SECURE | RELIABLE | SCALABLE
[Figure: platform stack with layers PLATFORM, PRODUCTS and USE CASES; labels: On-Call Management, Event Intelligence, Visibility, 300+ Integrations]
Summary
1. Cloud adoption is an ideal time for changing your operational model.
2. Security must shift to meet developers where they’re at: #DevSecOps.
3. PagerDuty is built for distributing operational accountability - self-service & visibility with less friction.
https://sudo.pagerduty.com
https://reviews.pagerduty.com
Come visit PagerDuty at Booth #1023 for a chance to win a $500 Airbnb Gift Card*
Take our free, 2-min survey to see where you stand in terms of real-time operations maturity.
Dave Cliffe
@cliffehangers
Shannon Lietz
@devsecops
Thank you!

 

Unleash Team Productivity with Real-time Operations

  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Unleash Team Productivity with Real-time Operations Dave Cliffe Head of Strategy – New Use Cases @cliffehangers D E V 2 0 3 - S Shannon Lietz Director & Leader, DevSecOps @devsecops
  • 3. 3 Raise your hand if you’re on-call right now!
  • 5. 5 AGENDA
    • Operational Models – a Journey to Real-time Operations
    • Real-time Operations includes DevSecOps
    • Best Practices for DevSecOps
    • Demo: Real-time Operations with AWS+PagerDuty
    • Q & Eh?
  • 7. 7 Somewhere in 2013 … Well actually, not somewhere – specifically at AWS re:Invent 2013 …
  • 9. 9 “Giving developers operational responsibilities has greatly enhanced the quality of the services, both from a customer and a technology point of view.” - ???, 2005
  • 10. 10 “This brings developers into contact with the day- to-day operation of their software. It also brings them into day-to-day contact with the customer. This customer feedback loop is essential for improving the quality of the service.” - ???, 2005
  • 11. 11 “… you build it, you run it.” --Werner Vogels, CTO Amazon, 2005
  • 13. 13 Seattle 2009: Somewhere at Amazon In the beginning…
  • 15. 15 Signal-to-Action from 300+ integrations – especially AWS. Harness Digital Signals → Drive Real-Time Operations → Enable Human Response (use cases: DevOps, ITOps, Security, Industrial, BizOps, Support)
  • 16. 16 “Digital operations are becoming life changing and disruptive. We are moving beyond the dysfunctional ways of behaving, and into new paradigms for operations.” - Charlie Betz, Forrester
  • 17. 17 What is Digital Operations? TRADITIONAL → MODERN: Queued → Real-time; Siloed → Collaborative; Manual → Automated; Reactive → Proactive; Static → Learning
  • 18. 18 What if I told you … It requires more than just developers and operations?
  • 19. 19 My pseudo journey line... how I spend my days... what makes me human... (timeline figure: COMICS, Sugar plum fairies, DEV, SEC, OPS, DSO, RGD; 1984, 1989, 1996, 2001, 2011) Shannon Lietz (@devsecops)
  • 20. 20 Why does it take so long for features? (figure: YOU ↔ YOUR CUSTOMER ↔ CISO) Hopefully it’s not going to be another round of “No’s”…
  • 21. Source: Sonatype, 2018 DevSecOps Community Survey
  • 22. 22 (architecture figure: AWS accounts, ingestion, security tools & data, threat intel, security science, insights)
  • 23. What is DevSecOps? DevSecOps is the practice of developing safer software sooner by involving all needed parties in the creative process and practicing continuous improvement from high fidelity actionable feedback with context. Shares concepts with Rugged Software, Rugged DevOps, SecDevOps, DevOpsSec, DevOps.
    IS
    • A Mindset and Holistic Approach
    • A Collection of Processes & Tools
    • A Means of Building Security and Compliance into Software
    • A Community-Driven Effort
    • A Strategy Driven by Learning and Experiments
    IS NOT
    • A One-Size-Fits-All Approach
    • A Single Tool or Method
    • Just a means of adding Security into Continuous Delivery
    • Invented by Vendors
    • A Strategy Driven by Perfection and Compliance
  • 25. Is it like a Supply Chain? (figure: design → build → deploy → operate, with typical gates for security checks & balances; faster security feedback loop)
    • Gating processes are not Deming-like
    • Security is a design constraint
    • Decisions made by engineering teams
    • Most costly mistakes happen during design; mistakes and drift often happen after design and build phases that result in weaknesses and potentially exploits
    • Hard to avoid business catastrophes by applying one-size-fits-all strategies
    • A security defect is more like a security “recall”
    Questions along the chain: What component is secure enough? How do I secure secrets for the app? How do I secure my app? Is my app getting attacked? How?
  • 26. Can you provide an example of a difference? API KEY EXPOSURE → 8 HRS; DEFAULT CONFIGS → 24 HRS; SECURITY GROUPS → 24 HRS; ESCALATION OF PRIVS → 5 D; KNOWN VULN → 8 HRS
  • 27. 27 How do we change the game? (funnel figure: billions of events → millions → thousands → hundreds of defects) Inputs: Security Researchers, Red Team, Pen Test, Gauntlt, Nessus, Nexpose, NMAP, Maltego, Qualys, Threat Intel, Bug Bounty, Logs & Events, IOCs. Security Science (TB per day) → Correlation → Case Management → Developer Backlog. Security Workflow and Pipeline → Actionable Security Features and Defects
  • 28. 28 Is There A Playbook?
    Operating Model
    • Determine defect and feature flows for Security to funnel to distributed teams
    • Inventory work processes, guidelines, policies, experiments, data and tools
    • Identify groups, roles and skills required to support processes
    • Identify friction and measure speed of MTTR
    • Identify types of decisions
    • Identify metrics for measuring experiments and adapting processes
    Processes
    • Implement Code & Infrastructure Guidelines
    • Implement Rules Engineering Processes
    • Implement Security Defect Reporting
    • Implement Consulting and Requests Process
    • Implement Infrastructure Templates
    • Implement Red Team & SOC Processes
    • Implement Manual Staging Processes
    • Implement a Decisions Process
    • Implement an Escalation Process with clear stakeholders
    Tooling
    • All systems should be run with API inspection available via a Security Fabric. (Systems without inspection require manual intervention.)
    • Implement Security Portal for feedback consolidation across security processes
    • Implement Case Management for Requests, Defects, and Incidents
    • Implement Testing framework
    • Implement Correlation engine
    • Implement foundational security controls
    • Integrate with core organizational systems
    Outcomes
    • Identified opportunities to develop capacity without increasing risk to too high a level
    • Inventory provides information for Decisions board to help with risk decisions
    • Decisions board with clear escalation path by type of decision
    • Ability to Communicate and Train on initial processes
    • Consistent Ins/Outs of Dynamic Work with standard templates
    • SDE helps with reducing manual efforts
    • Ability to build up capacity for Stage Two
    Expected Issues: Communication changes, adaptation of skills, decisions processes, expectations, audits and risk guidelines mismatch. n number of experiments to refine processes and automate where possible.
  • 29. What’s it like to have devsecops fully functioning? (figure: Data, Security Insights, Developer, Security Incident Response, Anomaly)
  • 31. 31 Use your AWS adoption as an opportunity to redefine your operational model
  • 33. 33 Meet David – a software developer. I Build It, I Run It! (figure of his work, Planned vs Unplanned and Revenue-Generating vs not: Automation, Bugs, Incidents, Alerts, Tests, Features, Postmortems, Operability Improvements, Yak-shaving)
  • 35. 35 How PagerDuty supports DevSecOps
    • Self-service Platform / Expertise on-demand: Tooling that provides guardrails, metrics, and frictionless escalation when help is needed
    • Build Common Ground: Align terminology, visibility, and response process for security and development
    • Drive Security Hygiene: Tighten feedback loops from your security-integrated CI/CD pipeline & hand-offs to ITSM / chat
    • Share Security Accountability: Make security everyone’s job through rich context and flexible routing
  • 37. 37 How we work is changing
  • 38. PagerDuty – Platform for Real-time Operations. USE CASES: ITOps, Industrial Ops, Customer Support, DevOps, Business Ops, SecOps. PRODUCTS: On-Call Management, Event Intelligence, Visibility, Analytics, Modern Incident Response. PLATFORM: Enterprise Class Platform, 300+ Integrations (EXTENSIBLE | SECURE | RELIABLE | SCALABLE)
  • 39. 39 Summary
    1. Cloud adoption is an ideal time for changing your operational model.
    2. Security must shift to meet developers where they’re at: #DevSecOps.
    3. PagerDuty is built for distributing operational accountability – self-service & visibility with less friction.
  • 41. Come visit PagerDuty at Booth #1023 for a chance to win a $500 Airbnb Gift Card* Take our free, 2-min survey to see where you stand in terms of real-time operations maturity.
  • 43. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Dave Cliffe @cliffehangers Shannon Lietz @devsecops