AWS in Government: myths, risks, and misconceptions

Transcript

1. Digital Transformation Office AWS in government: Risks, myths, and misconceptions

   Lindsay Holmwood Head of Development @auxesis dto.gov.au

2. dto.gov.au Digital Transformation Office

3. dto.gov.au We're here to make government services simpler, clearer and

   faster for everyone

4. dto.gov.au 1/ We collaborate with agencies to transform services so

   that they meet user needs

5. dto.gov.au 2/ We create whole-of-government platforms to support service transformation

6. dto.gov.au 3/ We develop policies and standards to help government

   transform services consistently

7. dto.gov.au We run EVERYTHING on AWS

8. dto.gov.au Dev & Staging & QA & Production

9. dto.gov.au Myths

10. dto.gov.au “We can’t store data securely”

11. dto.gov.au On ASD’s CCSL

12. dto.gov.au EBS + EC2 + S3 + VPC You can

    run a lot of workloads on this.

13. dto.gov.au ASD acknowledges risks of in-house systems

14. dto.gov.au “Organisations need to perform a risk assessment and implement

    associated mitigations before using cloud services.” – Cloud Computer Security For Tenants, ASD

15. dto.gov.au “Risks vary depending on factors such as the sensitivity

    and criticality of data to be stored or processed, how the cloud service is implemented and managed, how the organisation intends to use the cloud service, and challenges associated with the organisation performing timely incident detection and response.” – Cloud Computer Security For Tenants, ASD

16. dto.gov.au “Organisations need to compare these risks against an objective

    risk assessment of using in-house computer systems which might: be poorly secured; have inadequate availability; or, be unable to meet modern business requirements.”” – Cloud Computer Security For Tenants, ASD

17. dto.gov.au Please read: Cloud Computing Security for Tenants http://www.asd.gov.au/publications/protect/Cloud_Computing_Security_for_Tenants.pdf

18. dto.gov.au There are strategies for making data available on AWS

19. dto.gov.au id name email medicare Protected row ❌ Can’t store

    this on AWS

20. dto.gov.au id name email medicare Unclassified columns ✅ Can store

    this on AWS

21. dto.gov.au

22. dto.gov.au Misconceptions

23. dto.gov.au “We’ll run it like physical infrastructure”

24. dto.gov.au *buy RIs for 3 years*

25. dto.gov.au Yes, you’ll get a cost saving

26. dto.gov.au BUT

27. dto.gov.au Value of AWS is not low cost compute

28. dto.gov.au Value of AWS is on-tap capacity

29. dto.gov.au We can’t extract this value unless we build and

    run services like AWS recommends

30. dto.gov.au We have to think differently about our architecture

31. dto.gov.au Buying RIs is a risk if you don’t know

    your workloads

32. dto.gov.au You don’t know what your workloads are going to

    be 3 years from now

33. dto.gov.au You might: Optimise your code to run in parallel,

    across many cheaper instances

34. dto.gov.au You might: Shift your workloads to spot instances, for

    on-demand calculations

35. dto.gov.au How to control spend:

36. dto.gov.au How to control spend: Start with on-demand instances

37. dto.gov.au How to control spend: Track your spend over multiple

    months, identify instance types that are constantly used

38. dto.gov.au How to control spend: Then buy RIs for a

    year

39. dto.gov.au How to control spend: If you’re really keen, go

    for 3 years

40. dto.gov.au You don’t know what your workloads are going to

    be 3 years from now

41. dto.gov.au How to control spend: Sell unused RIs on the

    marketplace

42. dto.gov.au Risks

43. dto.gov.au “Our spend is getting out of control!”

44. dto.gov.au Use sub accounts to segment and control spend

45. dto.gov.au Logically separate services you’re delivering across accounts

46. dto.gov.au See costs in one place

47. dto.gov.au Reduce your cost by buying RIs and using blended

    rates

48. dto.gov.au Handy when the service is mogged

49. dto.gov.au Automatically shut down environments every night

50. dto.gov.au Encourages a culture of technical resilience

51. dto.gov.au Better security posture through short lived environments

52. dto.gov.au *attackers are getting faster

53. dto.gov.au “Our stuff is getting hacked!”

54. dto.gov.au We can’t extract value from AWS unless we build

    and run services like AWS recommends

55. dto.gov.au Extract maximum value by giving your developers AWS access

56. dto.gov.au Give them the power to create & update &

    destroy their own environments

57. dto.gov.au Encourages a culture of technical resilience

58. dto.gov.au Heavily use IAM users, roles, and groups

59. dto.gov.au BUT

60. dto.gov.au Services and data can be accidentally exposed to the

    world
61. None

62. dto.gov.au Regularly & automatically audit exposed services

63. dto.gov.au “We aren’t getting the reliability benefits!”

64. dto.gov.au We can’t extract this value unless we build and

    run services like AWS recommends

65. dto.gov.au Build highly reliable systems from unreliable components

66. dto.gov.au Use autoscaling groups heavily

67. dto.gov.au Pre-bake your applications into images

68. dto.gov.au

69. dto.gov.au Build a strong continuous delivery capability

70. deploy to production acceptance tests integrate unit tests code done

    Traditional delivery Manual Manual Manual Auto

71. deploy to production acceptance tests integrate unit tests code done

    Continuous Delivery Manual Auto Auto Auto

72. deploy to production acceptance tests integrate unit tests code done

    Continuous Deployment Auto Auto Auto Auto

73. dto.gov.au Everything goes to production through the pipeline

74. 30 60 90 120 2015-10-29 2015-11-08 2015-11-16 2015-11-25 GOV.AU deploys

    over time

75. dto.gov.au Releases are a non-event

76. smoke tests acceptance tests integrate code done environment change deploy

    to production build images

77. dto.gov.au Satisfy regulatory requirements more easily

78. dto.gov.au Get scalability for free

79. ASG environment application image instance instance instance instance instance ELB

80. dto.gov.au Heavily restrict automation’s access with IAM

81. dto.gov.au Ship all logs off site

82. dto.gov.au Check out Packer & Terraform

83. dto.gov.au Case study cloud.gov.au outage

84. dto.gov.au

85. dto.gov.au Time to detection: 4 minutes

86. dto.gov.au Time to recovery: 12 minutes

87. dto.gov.au Human intervention: 0

88. dto.gov.au The system self-healed

89. dto.gov.au Took longer than if we were using pure-AWS

90. dto.gov.au It’s a tradeoff we’re willing to accept for multi-cloud

    capability

91. dto.gov.au Principles are the same

92. dto.gov.au The opportunity is immense

93. dto.gov.au IaaS helps make doing the right thing easy

94. dto.gov.au Technology is cheap, people are dear

95. dto.gov.au IaaS eliminates classes of problems

96. dto.gov.au IaaS frees up your teams to focus on the

    bigger picture

97. dto.gov.au Free people up to help org learn

98. dto.gov.au Australia can become the best in the world at

    delivering clearer, simpler, faster government services.

99. dto.gov.au Thank you! ❤ the talk? Let @auxesis & @DTO

    know!