Scaling the Cloud

Bill BurnsSr. Manager, Networks & Security

CISO Executive ForumFebruary 26, 2012

Thursday, March 8, 12

Agenda

•Netflix Background and Culture

•Why We Moved to the Cloud

• InfoSec Challenges in an IaaS Cloud

• InfoSec Perspective: Running In The Cloud

NetflixBusiness

• 24+ million members globally

NetflixBusiness

• Streaming in 47 countries

NetflixBusiness

•Watch on more than 700 devices

NetflixBusiness

•Watch on more than 700 devices

• 33% of US peak evening Internet traffic

Background and Context

•High Performance Culture

•Fail Fast, Learn Fast ... Get Results

•Core Value: “Freedom & Responsibility”

Engineering-Centric Culture

•Sought the Cloud for Availability, Capacity

• ...and also found Agility

•Sought the Cloud for Availability, Capacity

• ...and also found Agility

•DevOps / NoOps means engineering teams own:

•New deployments and upgrades

•Capacity planning & procurement

Freedom&

Responsibility

Freedom&

Responsibility

Why Cloud?

•Transforming Netflix’s Core Business

•Availability, Capacity, Consistency

•Lower operational effort

•Mission Focus

•Agility

Demand vs Capacity

37x growth in13 months

Demand vs Capacity

37x growth in13 months

DataCenter Capacity

Cloud:On-Demand Capacity

1. Demand: Typical pattern of customer requests rise & fall over time

Demand

2. Reaction: System automatically adds, removes servers to the application pool

Demand

# Servers

2. Reaction: System automatically adds, removes servers to the application pool

3. Result: Overall utilization stays constant

Demand

# Servers

Utilization

InfoSec Challenges In An IaaS CloudU"lity'

Authen"city'

Possession'

Confiden"ality'

Integrity'

Availability'

InfoSec Challenge in an IaaS Cloud :: Confidentiality

InfoSec Challenge in an IaaS Cloud :: Integrity

InfoSec Challenge in an IaaS Cloud :: Availability

InfoSec Challenge in an IaaS Cloud :: Possession/Control

InfoSec Challenge in an IaaS Cloud :: Authenticity

Running In The Cloud :: InfoSec Perspective

InfoSec In The Cloud :: Harder

1.“You’re host attacked me yesterday. Please stop!”

1.“You’re host attacked me yesterday. Please stop!”2.Dealing with other people’s traffic at your front door

1.“You’re host attacked me yesterday. Please stop!”2.Dealing with other people’s traffic at your front door 3.Herding ephemeral instances with vendor applications

1.“You’re host attacked me yesterday. Please stop!”2.Dealing with other people’s traffic at your front door 3.Herding ephemeral instances with vendor applications4.Trusting endpoints, infrastructure

1.“You’re host attacked me yesterday. Please stop!”2.Dealing with other people’s traffic at your front door 3.Herding ephemeral instances with vendor applications4.Trusting endpoints, infrastructure5.Key management

InfoSec In The Cloud :: Easier

1.Reacting to business velocity

2.Detecting instance changes

3.Application ownership, management

4.Patching, updating

5.Availability, in a failure-prone environment

6.Embedding security controls

7.Least privilege enforcement

8.Testing/auditing for conformance

9.Consistency, conformity in build and launch

Old IT way:Hand-Crafted configuration

(C) courtesy: Flikr (piper, viamoi)Thursday, March 8, 12

Old IT way:Hand-Crafted configuration

(C) courtesy: Flikr (piper, viamoi)Thursday, March 8, 12

New: Automation

Change Controls ::Patching

• Goal: Running instances do not get patched• Alternative:

• Bake a new AMI for any change• Launch new instances in parallel• Kill the old instances

Change Controls ::Upgrades• Bake a new AMI for any

change

• Launch new instances in parallel

• Kill the old instances

Lesson Learned: Make the secure, consistent behavior the easier alternative.

Availability :: Never Launch One of Anything

(c) Courtesy Flikr - WintonThursday, March 8, 12

•Chaos Monkey induces failures, helps us practice recovery

•Balance across Availability Zones

•Applications automatically scale-out, regenerate

•Conformity Monkey detects differences, improper settings

Identity Challenges :: Vendors Lagging

• Cloud instances are ephemeral

• Customers cannot necessarily pick their IP addresses, ranges

• Instances need to base context on apps, services, tagging (not IPs)

• Vendors need better support for ephemeral licensing, stateless instances, self-config

• Cloud instances are ephemeral

• Customers cannot necessarily pick their IP addresses, ranges

• Instances need to base context on apps, services, tagging (not IPs)

• Vendors need better support for ephemeral licensing, stateless instances, self-config

• Machine capacity is no longer a CapEx friction item.

Conformity&Consistency

Automation =Conformity &Consistency

• All apps, tiers are Highly Available

• Secure defaults applied automatically

• Replacement instances look just like the originals

• All apps, tiers are Highly Available

• Secure defaults applied automatically

• Replacement instances look just like the originals

Baked-In Security Controls :: Netflix Simian Army

• Cloud Ready Dashboard

• Identify and test common failure modes

• Continuous, aggressive monitoring, testing

• Mostly opt-In

• Chaos Monkey - Randomly kills instances

• Mostly opt-In

• Conformity Monkey - Various policy checks

• Mostly opt-In

• Latency Monkey – Induces random latency

• Mostly opt-In

• Janitor Monkey – Kills orphaned instances

• Mostly opt-In

• Security Monkey – Various security checks

• Mostly opt-In

• Exploit Monkey – Vuln Scans / Pen Tests

• Mostly opt-In

• Exploit Monkey – Vuln Scans / Pen Tests

• Unnamed – File integrity monitoring, HIDS

Embedded Security Controls

• Controls baked into the “base AMI”

• Controls placed near the data

• Applied as machines die/reborn

• Controls baked into the “base AMI”

• Controls placed near the data

• Applied as machines die/reborn

• Security controls are “Data Center agnostic”

• Provide a “single pane of glass” awareness

• Span all regions, data centers

CISO ForumTake-Aways

1. The public cloud / IaaS is not just a technology.

2. Cloud IaaS is disruptive to Operations, Engineering, Vendors, Auditors.

3. Your Data is your new perimeter.

4. Design for failures in everything.

5. IaaS providers care about their infrastructure.

6. Public cloud Information Security is still about the basics, but in a new context.

7. There’s still plenty left to resolve, like trusted infrastructure, strong key management, COTS support.

Questions

Scaling the Cloud - Cloud Security

Technology

Scaling web application in the Cloud

Cloud Security - Security Aspects of Cloud Computing

Basics of Cloud Computing –Lecture 3 Scaling Applications ...€¦ · Basics of Cloud Computing –Lecture 3 Scaling Applications on the Cloud Satish Srirama. Outline • Scaling

Scaling Hailo in the cloud @ davegardnerisme Cloud Expo Europe January 2013

Cloud Security Overview RAPID7 INSIGHT PLATFORM · PDF filepublically available data in Amazon Web Services ... and application scans, ... Cloud Security Overview. 6. AUTO-SCALING

Scaling drupal horizontally and in cloud

Scaling Rails Applications In The Cloud

Cloud Security Certification - Certified Cloud Security

Universe of Cyber Security€¦ · of scaling security at the speed of data. In preparation for the upcoming cyberwars, it’s time we start looking at the Cloud to deliver security

Techniques for scaling application with security and visibility in cloud

Toward Scaling Hardware Security Module for Emerging …sgxhsm-slides.pdfToward Scaling Hardware Security Module for Emerging Cloud Services Juhyeng Han, Seongmin Kim, TaesooKim

Scaling in the cloud mswebcafe

Scaling with the Cloud: Strategies for Storage in Cloud Deployments

Cloud Security Alliance Guide to Cloud Security

Scaling search with Solr Cloud

MongoDB : Scaling, Security & Performance

Sizing, Building, and Scaling a Hybrid Cloud

CodeFutures - Scaling Your Database in the Cloud

Scaling the cloud

Scaling Xen Within Rackspace Cloud Servers