Leveraging the benefits of the cloud with transparency and control


1 Frankfurt

2 Leveraging the benefits of the cloud with transparency and control. Philipp Behre, AWS Solutions Architect. AWS Enterprise Summit

3 #1: Agility The primary reason businesses are moving so quickly to AWS and the cloud

4 Agility can lead to A Culture of Innovation - Experiment Often & Fail Without Risk From PoC to Production create new business opportunities Project Teams Agility Time-to-market Self-service

5 A strong IT Services Team enables innovation Access Management Security Compliance Cloud Operations Auditing and many more IT Service Team Change Management Control Visibility Compliance

6 Today, IT and Project Teams often lack common ground IT Service Team Project Teams Control Visibility Compliance Agility Self-service Time to market

7 It doesn't have to be this way

8 A mutual goal Service Request No more long lines

9 Empower agile teams with standardized self-service IT Service Team Project Teams Create custom services and grant access to developers Use a personalized portal to find & launch services

10 Providing Project Teams with fast provisioning Create and manage Portfolio Add custom products and services Grant access to project teams

11 Achieving self-service with IT approval Find and launch services Automate provisioning Manage AWS resources

12 Standardize and automate with AWS CloudFormation: Templatize, Version Control, Provision, Replicate, Update. Provisioning: Instruction, Script(s), Manual. Creation order? How long do I pause? What errors can I recover from? What environment config and utilities does my script depend on? Can my script be faster? Will this script work again? How do I learn all of the AWS APIs?

13 A smart flow with a big impact [Diagram, numbered steps 1 to 8: Creates portfolio; Authors template; Creates product (ProductX, ProductY, ProductZ); Adds constraints and grant access; AWS CloudFormation template; Browse Products; Launch Products; Portfolio; Notifications; Deploys stacks]

14 Use cases enabled Standardization: Do I have to reinvent the wheel? Security: How to be safe right from the start? Automation: How can I reuse my work? Control: How do I know what is created? Speed: Do I have to start at zero? Simplicity: Do I need to know all details to start? Convenience: Do I need to manage IT now?

15 Agility in the cloud is awesome!!! Time-to-market Lots of changes Lots of versions

16 Staying on top can be a challenge Access Management Compliance OK Lots of changes Auditing Security

17 Staying on top can be a challenge Access Management Compliance Lots of changes Auditing Security

18 Transparent changes Continuously Changing Resources Recording Continuous Change History Stream AWS Config Snapshot (ex )

19 Use cases enabled Security Analysis: Am I safe? Audit Compliance: Where is the evidence? Change Management: What will this change affect? Troubleshooting: What has changed? Discovery: What resources exist?

20 A cloud-based technology company transforming clinical research for life sciences companies and patients who depend on them. Changes Infrastructure Change Log Audits Regulatory Compliance Engine

21 Record all interactions: Project Teams and IT Team are making API calls on a growing set of services around the world. CloudTrail is continuously recording API calls and delivering log files to customers.

22 Managing API audit logs: an example approach Account B Analyze (read only) Account B Account C managed by policies AWS APIs Audit read only managed by policies Defines policies, controls access Account A Admin (separate duties) Account C read-only Auditor

23 Use cases enabled Security Analysis: Am I safe? Audit Compliance: Where is the evidence? Troubleshooting: What has changed? Analyze usage patterns: How do usage patterns relate to events?

24 Putting it all together: adding monitoring. AWS Enterprise Summit

25 An integrated approach to gain transparency Create/Update Validate provision publish Service Catalog Select & provision template change change notifies notifies Captures all API interaction Resource stack Monitor Change Monitors AWS & application monitors Alert initiates Monitor Capture Audit Logs Secures audit data Durable Storage

26 An integrated approach to gain transparency Create/Update Validate provision publish Select & provision AWS ServiceCatalog template change change notifies notifies Catalog (resources & changes) Captures all API interaction Resource stack Monitors AWS & application AWS Config Secures audit data AWS CloudTrail monitors Amazon S3 initiates alarm AWS CloudWatch

27 Summary: AWS services support your organization to introduce, maintain, and continuously improve governance processes for AWS resources and their usage. Used together they provide continuous transparency into changes, and allow auditing on changes and API interaction. Combined with your organization's existing best practices, processes, and tools you can centrally control and govern your cloud environment without sacrificing the agility and flexibility of the cloud.
