Presentation slides from Black Hat 2016. Presented by Sami Laine, Principal Technologist at CloudPassage & Aaron McKeown, Lead Security Architect of Xero.
9. Transformation of Application Delivery
[Timeline diagram: months J F M A M J J A S O N D across the top; phases Analysis and design, Coding & implementation, Quality testing, Staging and release; a single release, R1]
10. Transformation of Application Delivery
[Timeline diagram: same months and phases; releases R1 through R12]
11. Transformation of Application Delivery
[Timeline diagram: same as slide 10; releases R1 through R12]
30. 1,450+ staff globally
$474m raised in capital
$202m sub revenue FY16
23m+ businesses have interacted on the Xero platform
$1tr incoming and outgoing transactions in past 12 mths
450m incoming and outgoing transactions in past 12 mths
All figures shown are in NZD
32. Public cloud migration
Improving data protection
Eliminating scheduled downtime
Maintaining and improving security
Support the next wave of growth
Reducing our cost to serve
33. Key challenges
Skills are scarce
Regional representation and recommendations
Application architecture has to change
Automation is key
Need to focus on visibility
Third party commercial models need to change
34. Key principles
Repeatable and automated build and management of security systems
Accelerated pace of security innovation
On-demand security infrastructure that works at any scale
35. Security as a service
VPN connectivity
Host Based Security
Web Application Security and Delivery
Shared Key Management Services
Security Operations and Consulting Services
Secure Bastion Access Proxy Services
36. Multi-Factor Authentication
• Secure AWS with:
  • password + MFA or access key + MFA
• Secure ALL systems with MFA
• Enable MFA enhanced features
• Use multiple MFA systems
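One way to enforce the "password + MFA or access key + MFA" rule on the AWS side is an IAM policy that denies every API call made without an MFA-authenticated session; this policy is added here as an illustration and is not from the slides. The statement ID is a made-up label; the exempted actions are the IAM and STS calls a user needs to enrol a device and obtain an MFA-backed session token.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyEverythingWithoutMfaExceptEnrolment",
      "Effect": "Deny",
      "NotAction": [
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "iam:ListMFADevices",
        "iam:ListVirtualMFADevices",
        "iam:ResyncMFADevice",
        "sts:GetSessionToken"
      ],
      "Resource": "*",
      "Condition": {
        "BoolIfExists": {
          "aws:MultiFactorAuthPresent": "false"
        }
      }
    }
  ]
}
```

Console sign-in with password + MFA sets aws:MultiFactorAuthPresent to true for the session, while requests signed directly with a long-lived access key carry no such key at all, which BoolIfExists treats as false and therefore denies. Access-key users call sts:GetSessionToken with their device serial and code and use the returned temporary credentials for everything else.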
37. Configuration Drift Management
• CloudTrail, Config and the AWS Console provide a lot of great information
• Can be hard to find the needle in the haystack…
• Use Netflix Security Monkey to provide a “Single Pane of Glass”
38. Host Security Automation
• Monitor, Detect and Defend at the Host level
• Elasticity and Automation are key
• Integrate: visibility is important
• Use a “Defence in Depth” model, protect every layer
• Use an agile approach from deployment through to operations
39. Key learnings
Measure and Test, Monitor Everything
Welcome to the cloud - "Where's my span port"?
Security by Design - What's that?
Communication is Key - Who are your spokespeople?
40. Final takeaways
Repeatable and automated build and management of security systems
Accelerated pace of security innovation
On-demand security infrastructure that works at any scale