fast forward
play

Fast Forward Reflecting on a Life of Watching Movies and a Career - PowerPoint PPT Presentation

Jun 28, 2023 •337 likes •1.08k views

Fast Forward Reflecting on a Life of Watching Movies and a Career in Security Jason Chan VP, Information Security @ Netflix @chanjbs Credit: @LoulouHoltz So . . . what does this have to do with security? Credit: @matt_tesauro Back to the

  1. Fast Forward Reflecting on a Life of Watching Movies and a Career in Security Jason Chan VP, Information Security @ Netflix @chanjbs

  4. Credit: @LoulouHoltz

  9. So . . . what does this have to do with security?

  17. Credit: @matt_tesauro

  18. Back to the movies . . .

  20. Basics Non-Functional Requirements Infrastructure Deployment Performance Reliability Technology Observability Scalability Operations Standards Core Functionality Upgrades Migrations Security Other Campaigns Change

  21. Reducing Cognitive Load for Developers

  25. Simplifying the Security Interface for Developers

  26. Are you trying to make your engineers security experts? Or do you just want them to build and operate secure systems?

  27. What security functions can we abstract to simplify the developer experience?

  28. Netflix Studio Engineering

  31. Netflix Studio Engineering Optimize production from “pitch to play” Lots of innovation and iteration

  32. Netflix Studio Apps Studio LOB App A Netflix Studio User Studio LOB App N

  33. Simplify and Improve Security through Functionality Abstraction

  34. Leverage Netflix OSS - Zuul “built to enable dynamic routing, monitoring, resiliency and security” https://github.com/Netflix/zuul/wiki

  35. Netflix Studio Apps with Zuul and Wall-E Studio LOB App A Wall-E Netflix Studio User Studio LOB App N Pre-Filters Post-Filters Rate Limit Schema Check IP Blacklist Sec Headers Authentication DLP Authorization SigSci WAF Schema Check

  37. Results Lower cognitive load for onboarding security Centralized and managed functionality Frees developers to build the Netflix Studio!

  39. Blurring Lines: App and Infra Monolith to microservices: network Immutable infra: OS, custom app, middleware Infra as code: Everything!

  40. Tackling App and Infra Integration: Seamless Least Privilege

  41. The Magic of IaaS Storage Database Email Services Instances Message Hadoop Queue

  42. Ex: Cloud Based Word Processor

  43. Ex: Cloud Based Word Processor { "Effect": "Allow", "Action": ["*:*"] "Resource": "*" }

  44. Ex: Cloud Based Word Processor { "Effect": "Allow", "Action": ["s3:*"] "Resource": "*" }

  45. Ex: Cloud Based Word Processor { "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"] "Resource": "*" }

  46. Ex: Cloud Based Word Processor { "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"] "Resource": " arn:aws:s3:::wp_bucket " }

  48. AWS provides data about API use This data acts as a basis for action

  49. When a new application is created, we provide a base set of permissions s3:GetObject s3:PutObject ... ... ... ... sqs:ReceiveMessage

  50. We observe the application to see which permissions are actually used

  51. We then remove unused permissions s3:GetObject s3:PutObject ... ... ... ... sqs:ReceiveMessage

  52. We then remove unused permissions s3:GetObject s3:PutObject ... ... ... ... sqs:ReceiveMessage

  53. Available as OSS - Repokid https://github.com/Netflix/repokid

  55. Results Low-risk access reduction Transparent and versioned ops Innovation and high-velocity development without friction

  57. Potential for “Controlled” Anarchy Microservices YBIYRI Polyglot and multiple tech stacks Independent deployments Intentionally decentralized governance leads to increased attack surface

  60. Managing the Anarchy

  62. The Security Paved Road ● Well-supported solutions from central teams ● Clarifies and evangelizes successful patterns and practices ● Automated observation and evaluation of adoption ● Provides a standard way of interfacing with engineering teams about security ● Uncover risk and reward operational excellence

  63. Security Paved Road (ex.) Example Solutions & Measures Per-app IAM role Per-app Security Group No secrets in code Instance identity Updated machine image

  64. Security Paved Road Quarterly Change Cycle Commit to update once per quarter to pull in upgrades, library changes, and modifications to paved road components

  66. Security Paved Road Security Brain Make our expectations, asks, and recommendations explicit and easy to navigate

  67. Customized view for the user Open security issues Recommended practices

  68. Most security backlog is standard; explicitly limit bespoke/custom backlog

  71. In closing . . .

  72. Overall Takeaways Stay attuned to trends Simplify and standardize Favor transparent decisions Measure adoption and uptake Get comfortable with tradeoffs

  73. Thank you! @chanjbs

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile

JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile

JIT-Assisted Fast-Forward Embedding and Instrumentation to Enable Fast, Accurate, and Agile Simulation Berkin Ilbeyi and Christopher Batten Computer Systems Laboratory School of Electrical and Computer Engineering Cornell University

541 views • 24 slides
Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1

Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1

Fast Forward I/O & Storage Eric Barton Lead Architect High Performance Data Division 1 Department of Energy - Fast Forward Challenge FastForward RFP provided US Government funding for exascale research and development Sponsored by 7

505 views • 21 slides
MOVING FORWARD, MOVING FAST, ON SOLID GROUND: FAST, ON SOLID GROUND: An Effective and

MOVING FORWARD, MOVING FAST, ON SOLID GROUND: FAST, ON SOLID GROUND: An Effective and

MOVING FORWARD, MOVING FAST, ON SOLID GROUND: FAST, ON SOLID GROUND: An Effective and Sustainable Judicial Reform Agenda Reform Agenda Maria Lourdes P. A. Sereno Chi f J Chief Justice ti September 18 2012 September 18, 2012 BACKGROUND:

316 views • 18 slides
Community Update MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast st Facts

Community Update MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast st Facts

Monter nterey-Sali Salinas nas Transit ansit Community Update MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast st Facts cts MST T Fast ast Facts acts 231,706 miles between preventable accidents 89% on time

198 views • 19 slides
DISCUSSION: Following the September 17, 2015 adoption of the RTP-SCS Public Participation Plan,

DISCUSSION: Following the September 17, 2015 adoption of the RTP-SCS Public Participation Plan,

JTAC STAFF REPORT Fast Forward 2040 Phase 1 Public Outreach Presentation SUBJECT: MEETING DATE: November 5, 2015 AGENDA ITEM: 5 Michael Becker, Peter Imhof STAFF CONTACT: RECOMMENDATION: Receive the Fast Forward 2040 phase 1 public

444 views • 18 slides
Fast F Forward 2 2017: Self Driving Cars in Our Communities Monday, December 4 th , 2017

Fast F Forward 2 2017: Self Driving Cars in Our Communities Monday, December 4 th , 2017

Fast F Forward 2 2017: Self Driving Cars in Our Communities Monday, December 4 th , 2017 Westborough, MA Paul M Matthe hews 495/MetroWest Partnership Al Alison F Felix Metropolitan Area Planning Council Rafael M Mares

873 views • 56 slides
Fast methods for Bayesian inverse problems with uncertain PDE forward models Ilona Ambartsumyan

Fast methods for Bayesian inverse problems with uncertain PDE forward models Ilona Ambartsumyan

Fast methods for Bayesian inverse problems with uncertain PDE forward models Ilona Ambartsumyan and Omar Ghattas Oden Institute for Computational Engineering and Sciences The University of Texas at Austin Example of inverse problem with

434 views • 27 slides
FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, May 11, 2017

FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, May 11, 2017

GRADUATE FELLOW FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, May 11, 2017 GRADUATE FELLOWSHIP PROGRAM Funding for Ph.D. students revolutionizing disciplines with the GPU Engage: Build mindshare Facilitate

909 views • 66 slides
Being a METS Startup Fast Failure; Fast Reward November 2016 Fast Failure; Fast Reward

Being a METS Startup Fast Failure; Fast Reward November 2016 Fast Failure; Fast Reward

Being a METS Startup Fast Failure; Fast Reward November 2016 Fast Failure; Fast Reward Fireside Chat Story so far What mindset do you need? Whats different about this market? Fast Reward 2 Fireside Chat Clear

508 views • 12 slides
A FAST FORWARD THROUGH RAY TRACING GEMS Eric Haines, Distinguished Engineer | March 21, 2019 |

A FAST FORWARD THROUGH RAY TRACING GEMS Eric Haines, Distinguished Engineer | March 21, 2019 |

A FAST FORWARD THROUGH RAY TRACING GEMS Eric Haines, Distinguished Engineer | March 21, 2019 | Talk S9872 1 There is an old joke that goes, Ray tracing is the technology of the future, and it always will be! David Kirk, March 2008 2

825 views • 48 slides
Fast Forward Urbanism: Building New Cities in the (so-called) Global South A PRESENTATION FOR:

Fast Forward Urbanism: Building New Cities in the (so-called) Global South A PRESENTATION FOR:

Fast Forward Urbanism: Building New Cities in the (so-called) Global South A PRESENTATION FOR: Cities at the Center of the World Conference Center for Global Studies George Mason University Woodrow Wilson Center for International Scholars

551 views • 21 slides
GRADUATE FELLOW FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, March

GRADUATE FELLOW FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, March

GRADUATE FELLOW FAST FORWARD Bill Dally, Chief Scientist and SVP Research, NVIDIA Thursday, March 21, 2019 GRADUATE FELLOWSHIP PROGRAM Funding for Ph.D. students revolutionizing disciplines with the GPU Engage: Build mindshare Facilitate

1.2k views • 109 slides
With Fast Track Potential In a Low-Risk Jurisdiction With Fast Track Potential

With Fast Track Potential In a Low-Risk Jurisdiction With Fast Track Potential

BATT: TSX-V BBBMF: US Battery Metal Assets Battery Metal Assets In a Low-Risk Jurisdiction With Fast Track Potential In a Low-Risk Jurisdiction With Fast Track Potential www.bluebirdbatterymetals.com Forward Looking Statements This

673 views • 26 slides
The Fast Track Diploma Programme Introduction Congratulations to you all for being accepted onto

The Fast Track Diploma Programme Introduction Congratulations to you all for being accepted onto

The Fast Track Diploma Programme Introduction Congratulations to you all for being accepted onto our Fast Track Diploma Programme. Were really excited to be providing this wonderful opportunity for our members and look forward to getting to

567 views • 14 slides
Introduction Graphics cards can render a lot, and fast But never as much or as fast as

Introduction Graphics cards can render a lot, and fast But never as much or as fast as

10/3/2012 Introduction Graphics cards can render a lot, and fast But never as much or as fast as wed like! Updating the game world can involve a lot of Scene Management objects Consider Dragonfly doing collision detection

375 views • 3 slides
Fast Food and Your Health www.ddssafety.net Last updated October 2009 What is fast food?

Fast Food and Your Health www.ddssafety.net Last updated October 2009 What is fast food?

Fast Food and Your Health www.ddssafety.net Last updated October 2009 What is fast food? Fast food is food made fast like: Pizza, burritos, burgers, and fries Too much fast food can be bad for you. 2 www.ddssafety.net Last

778 views • 10 slides
Chapter 3 Instruction-Level Parallelism and its Exploitation (Part 3) ILP vs. Parallel

Chapter 3 Instruction-Level Parallelism and its Exploitation (Part 3) ILP vs. Parallel

Chapter 3 Instruction-Level Parallelism and its Exploitation (Part 3) ILP vs. Parallel Computers Dynamic Scheduling (Section 3.4, 3.5) Dynamic Branch Prediction (Section 3.3, 3.9, and Appendix C) Hardware Speculation and Precise Interrupts

656 views • 28 slides
The Lurch Project A word processor that checks your math Nathan Carter Bentley University

The Lurch Project A word processor that checks your math Nathan Carter Bentley University

The Lurch Project A word processor that checks your math Nathan Carter Bentley University Classic board game Modern game Modern game Modern game Modern game Contrast Classic board Modern video games games require reading and teach

674 views • 33 slides
1 Click to add text 2 Please keep yourself muted during the presentation. ~ Please write any

1 Click to add text 2 Please keep yourself muted during the presentation. ~ Please write any

1 Click to add text 2 Please keep yourself muted during the presentation. ~ Please write any questions you Click to add text may have in the Chat box and we will review in Q&A. (look for the Chat icon at the bottom of your Zoom

395 views • 15 slides
DISTRIBUTIONAL SEMANTICS AND COMPOSITIONALITY Corina Dima April 23rd, 2019 COURSE LOGISTICS

DISTRIBUTIONAL SEMANTICS AND COMPOSITIONALITY Corina Dima April 23rd, 2019 COURSE LOGISTICS

DISTRIBUTIONAL SEMANTICS AND COMPOSITIONALITY Corina Dima April 23rd, 2019 COURSE LOGISTICS Who? Corina Dima o ffi ce: 1.05, Wilhelmstr. 19 email: corina.dima@uni-tuebingen.de o ffi ce hours: Tuesdays, 14-15 (please email me

1.15k views • 52 slides
1 Performance testing Security Testing Is data/access safe from those who should Test for

1 Performance testing Security Testing Is data/access safe from those who should Test for

Test Specifications Quality Assurance: What questions do I want to answer about this code? Think of this as experiment design Test Development & Execution In what dimensions will I ask these questions? CSE 403 Functionality

380 views • 8 slides
Just keep functioning Testing, monitoring, and debugging FaaS apps Ace Nassri Developer

Just keep functioning Testing, monitoring, and debugging FaaS apps Ace Nassri Developer

Just keep functioning Testing, monitoring, and debugging FaaS apps Ace Nassri Developer Programs Engineer @ Google October 4th, 2018 Agenda Ops CI/CD Serverless Testing 1 Testing: a background An overview of testing strategies

483 views • 32 slides
Project Report Guidelines Written report due Dec 9, midnight Kalev Kask ICS 271 Fall 2018

Project Report Guidelines Written report due Dec 9, midnight Kalev Kask ICS 271 Fall 2018

Project Report Guidelines Written report due Dec 9, midnight Kalev Kask ICS 271 Fall 2018 271-fall 2018 Programming Project One (written) report per team Grading is based on Quality of work (50%) Quality of report (50%)

85 views • 6 slides
THE LARGEST SHIFT IN THE WAY WE LIVE - EVER AT THE SAME TIME BIRTHRATES Demographic shift. It is a

THE LARGEST SHIFT IN THE WAY WE LIVE - EVER AT THE SAME TIME BIRTHRATES Demographic shift. It is a

THE LARGEST SHIFT IN THE WAY WE LIVE - EVER AT THE SAME TIME BIRTHRATES Demographic shift. It is a COLLAPSE WORLDWIDE remarkable thing. We are experiencing the most rapid change in the nature of human habitat ever seen. Within the next five

368 views • 33 slides

More recommend