Cloud Security @ Netflix
Jason Chan
Presented at the Seattle AWS Architects and Engineers meetup on 11/3/2014.
Cloud Security @ Netflix
1.
Cloud Security @ Netflix
Adapting Security for Modern Software
Jason Chan
chan@netflix.com : @chanjbs
Seattle AWS Architects & Engineers
2.
3.
Me
Current: Netflix Security
Product, app, ops, infra, corp, fraud, privacy, abuse, IR
Previous: Infosec @ VMware, consulting: @stake, iSEC Partners
4.
5.
6.
14m users in 1+ year
7.
14m users in 1+ year
150m photos
8.
14m users in 1+ year
150m photos
3 engineers
9.
14m users in 1+ year
150m photos
3 engineers
$1B acquisition by FB
10.
11.
So . . .
12.
idea + cloud = profit!
13.
14.
15.
So . . .
16.
17.
Goal: Cloud & AWS benefits, securely
18.
Typically, how do you:
19.
Create a user account
20.
Create a user account
Inventory your systems
21.
Create a user account
Inventory your systems
Update a firewall config
22.
Create a user account
Inventory your systems
Update a firewall config
Make a forensic image
23.
Create a user account
Inventory your systems
Update a firewall config
Make a forensic image
Disable a MFA token
24.
In AWS . . .
25.
CreateUser()
DescribeInstances()
AuthorizeSecurityGroupIngress()
CreateSnapshot()
DeactivateMFADevice()
26.
27.
28.
29.
Software, now
30.
Agile
31.
Microservices
32.
Immutable Infrastructure
33.
DevOps/NoOps
34.
So . . . what about security?
35.
36.
37.
38.
39.
40.
41.
Visibility
Knowing the Environment
42.
43.
Discover
44.
Discover Inventory
45.
Discover Inventory Test
46.
Discover Inventory Test
Report
47.
48.
Open ELB Example
  1. Dump list of ELBs with listeners
  2. Connect to ELBs from arbitrary Internet IP
  3. Evaluate status code (200/300 or 403)
  4. Compare results against expected
  5. Fix anomalies, educate engineers, and update expected (manual)
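The five steps above as an added Python sketch; this is not code from the talk or from Netflix. The ELB names, DNS names, baseline and status codes are constructed so it runs offline, and http_probe is the part to run from a host outside your network against load balancers you own.

```python
import http.client

# Step 1 (constructed): a dump of ELBs with listeners, already normalized.
ELB_INVENTORY = [
    {"name": "www-edge", "dns": "www-edge.elb.example", "ports": [80, 443]},
    {"name": "admin-tool", "dns": "admin-tool.elb.example", "ports": [80]},
    {"name": "new-service", "dns": "new-service.elb.example", "ports": [8080]},
    {"name": "batch-api", "dns": "batch-api.elb.example", "ports": [80]},
]

# Reviewed baseline (assumption): listeners meant to answer the whole Internet.
# Anything not listed here is expected to be closed, so new ELBs start as suspect.
EXPECTED_OPEN = {("www-edge", 80), ("www-edge", 443)}


def http_probe(dns, port, timeout=5):
    """Step 2: request / on one listener from the machine running this script.

    Returns the HTTP status code, or None when no connection can be made
    (refused, timed out, DNS failure, TLS error).
    """
    conn_cls = http.client.HTTPSConnection if port == 443 else http.client.HTTPConnection
    conn = conn_cls(dns, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def classify(status):
    """Step 3: 2xx/3xx means reachable, 403 or no connection means blocked."""
    if status is None or status == 403:
        return "closed"
    if 200 <= status < 400:
        return "open"
    return "unknown"  # e.g. 5xx: the listener answers, a human has to look


def audit(inventory, expected_open, probe):
    """Steps 2-4: probe every listener and return only the mismatches."""
    anomalies = []
    for elb in inventory:
        for port in elb["ports"]:
            observed = classify(probe(elb["dns"], port))
            expected = "open" if (elb["name"], port) in expected_open else "closed"
            if observed != expected:
                anomalies.append({"elb": elb["name"], "port": port,
                                  "expected": expected, "observed": observed})
    return anomalies


# Constructed probe results standing in for real responses.
SAMPLE_STATUS = {
    ("www-edge.elb.example", 80): 301,
    ("www-edge.elb.example", 443): 200,
    ("admin-tool.elb.example", 80): 403,
    ("new-service.elb.example", 8080): 200,
    ("batch-api.elb.example", 80): 503,
}


def sample_probe(dns, port):
    """Offline replacement for http_probe."""
    return SAMPLE_STATUS.get((dns, port))


if __name__ == "__main__":
    # Step 5 stays manual: fix each anomaly or add it to EXPECTED_OPEN.
    for a in audit(ELB_INVENTORY, EXPECTED_OPEN, sample_probe):
        print(f'{a["elb"]}:{a["port"]} expected {a["expected"]}, observed {a["observed"]}')
```

Swapping sample_probe for http_probe turns the same comparison into a live check; the baseline is the only state that needs maintaining between runs.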
49.
Knowing the Environment / Takeaways
Tailor discovery to rate of change
Think about normalization of discovery data
50.
Visibility
Risk Prioritization
51.
52.
Connectivity Analysis via Netflix OSS
53.
54.
55.
56.
Risk Prioritization - Takeaways
What is measurable? (objectively)
Use as an input, not law
57.
Visibility
Multi-Layer Security Testing
58.
Deconstructing security testing
59.
60.
61.
Netflix Deployment Pipeline
62.
63.
Integrated testing for CI/CD
64.
65.
66.
Multi-Layer Security Testing - Takeaways
What conversations can you avoid?
Is there a pyramid you can leverage?
67.
Visibility
Configuration Monitoring
68.
69.
AWS Options
70.
Bill as IDS
AWS Billing Alerts
71.
72.
CloudTrail
Logging of API calls
73.
74.
{
  "Records": [{
    "eventVersion": "1.0",
    "userIdentity": {
      "type": "IAMUser",
      "principalId": "EX_PRINCIPAL_ID",
      "arn": "arn:aws:iam::123456789012:user/Alice",
      "accessKeyId": "EXAMPLE_KEY_ID",
      "accountId": "123456789012",
      "userName": "Alice"
    },
    "eventTime": "2014-03-06T21:22:54Z",
    "eventSource": "ec2.amazonaws.com",
    "eventName": "StartInstances",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "205.251.233.176",
    "userAgent": "ec2-api-tools 1.6.12.2",
    "requestParameters": {
      "instancesSet": {
        "items": [{ "instanceId": "i-ebeaf9e2" }]
      }
    },
75.
    "responseElements": {
      "instancesSet": {
        "items": [{
          "instanceId": "i-ebeaf9e2",
          "currentState": { "code": 0, "name": "pending" },
          "previousState": { "code": 80, "name": "stopped" }
        }]
      }
    }
  },
  ... additional entries ...
  ]
}
76.
Trusted Advisor
Checks config vs. best practices
77.
78.
79.
Shameless Plug Section of the Talk
80.
Edda
AWS config history
81.
What instance has a given public IP?
$ curl "http://edda/api/v2/view/instances;publicIpAddress=1.2.3.4;_since=0"
["i-0123456789","i-012345678a","i-012345678b"]
82.
What is the most recent change to a security group?
$ curl "http://edda/api/v2/aws/securityGroups/sg-0123456789;_diff;_all;_limit=2"
83.
$ curl "http://edda/api/v2/aws/securityGroups/sg-0123456789;_diff;_all;_limit=2"
--- /api/v2/aws.securityGroups/sg-0123456789;_pp;_at=1351040779810 +++ /api/v2/aws.securityGroups/sg-0123456789;_pp;_at=1351044093504 @@ -1,33 +1,33 @@ { "class" : "com.amazonaws.services.ec2.model.SecurityGroup", "description" : "App1", "groupId" : "sg-0123456789", "groupName" : "app1-frontend", "ipPermissions" : [ { "class" : "com.amazonaws.services.ec2.model.IpPermission", "fromPort" : 80, "ipProtocol" : "tcp", "ipRanges" : [ "10.10.1.1/32", "10.10.1.2/32", + "10.10.1.3/32", - "10.10.1.4/32" ], "toPort" : 80, "userIdGroupPairs" : [ ] } ], "ipPermissionsEgress" : [ ], "ownerId" : "2345678912345", "tags" : [ ], "vpcId" : null }
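Review bot: in the ipRanges list, 10.10.1.4/32 is dropped and 10.10.1.3/32 is added for tcp/80, but "description" : "App1" and the empty "tags" say nothing about which hosts these addresses belong to, so the swap cannot be judged from the diff alone. A tag or description naming the owning service and the purpose of each range would make this change reviewable.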
84.
Security Monkey
85.
86.
Configuration Monitoring - Takeaways
Config changes have a continuum of safety
Find ways to observe and differentiate
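One way to observe and differentiate security group changes, as an added Python sketch that is not part of the talk, Edda or Security Monkey. The diff text is constructed in the shape of the Edda _diff output on the earlier slide (with a 0.0.0.0/0 line added for contrast), and the risk tiers are assumptions to tune, not a standard.

```python
import ipaddress
import re

# Constructed diff, modeled on the Edda security group _diff output.
SAMPLE_DIFF = '''\
--- /api/v2/aws.securityGroups/sg-0123456789;_pp;_at=1351040779810
+++ /api/v2/aws.securityGroups/sg-0123456789;_pp;_at=1351044093504
@@ -1,33 +1,33 @@
       "fromPort" : 80,
       "ipProtocol" : "tcp",
       "ipRanges" : [
         "10.10.1.1/32",
-        "10.10.1.4/32"
+        "10.10.1.3/32",
+        "0.0.0.0/0"
       ],
       "toPort" : 80,
'''

# A changed line holding one quoted IPv4 CIDR; the ---/+++ headers do not match.
CIDR_LINE = re.compile(r'^([+-])\s*"(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})"')

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ORDER = {"high": 0, "medium": 1, "low": 2}


def risk(op, net):
    """Place one ingress change on the safety continuum (assumed tiers)."""
    if op == "-":
        return "low"      # a source was removed: access only gets narrower
    if net.prefixlen == 0:
        return "high"     # any source address may now connect
    if not any(net.subnet_of(r) for r in RFC1918):
        return "medium"   # specific public range: confirm who owns it
    return "low" if net.prefixlen >= 24 else "medium"


def triage(diff_text):
    """Return the changed CIDRs in a diff, riskiest first."""
    findings = []
    for line in diff_text.splitlines():
        match = CIDR_LINE.match(line)
        if not match:
            continue
        try:
            net = ipaddress.ip_network(match.group(2), strict=False)
        except ValueError:
            continue      # looks like a CIDR but is not a valid one
        op = match.group(1)
        findings.append({"op": op, "cidr": str(net), "risk": risk(op, net)})
    return sorted(findings, key=lambda f: ORDER[f["risk"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_DIFF):
        print(f'{f["risk"]:6} {f["op"]} {f["cidr"]}')
```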
87.
Conclusions
88.
89.
90.
91.
AWS Security Resources
http://tiny.cc/awssecurity
92.
Thank you!
chan@netflix.com : @chanjbs