From Gates to Guardrails: Alternate Approaches to Product Security
1. From Gates to Guardrails: Alternate Approaches to Product Security
LASCON 2013
Jason Chan
chan@netflix.com
2. About Me
• Engineering Director @ Netflix:
– Security: Product, App, Ops, IR, etc.
• Previously:
– Led security team @ VMware
– Consultant - @stake, iSEC Partners
11. Netflix Environment
• ~200 production pushes/day
• 40m+ subscribers
• Support for 1000+ devices
• Service in 40+ countries
• Concurrent delivery from 3 AWS regions
• ~1/3 of US download bandwidth at peak
33. ImmutableServer Pattern
• “... a server that once deployed, is never modified, merely replaced with a new updated instance.”
– http://martinfowler.com/bliki/ImmutableServer.html
34. Wrapping Up
• Cloud/DevOps/Agile/CD are transformative (for org & security)
• Orgs embracing tend to deal in speed and scale
• Look to culture, visibility, and automation as security enablers in these environments