• Lack of Knowledge and Experience
• Unknown State of Existing On-Premises Infrastructure
• No Guardrails
• Reduced Speed and Accuracy in Deployments
• Road Blocks from Risk Management
Lack of Knowledge and Experience Solution:
• Executive Development
• Create a Cloud Center of Excellence (CCoE)
• Staff Education
• Develop a Cloud First Strategy
• KPIs for Measuring Success
Unknown State of Existing On-Premises Infrastructure Problem:
• There are lots of workloads on-prem. There is probably a lot of information that isn’t known:
• Interdependencies between applications
• Network throughput
• Actual server requirements
Unknown State of Existing On-Premises Infrastructure Solution:
• Assessing the current workloads is important to create an efficient workload migration plan while minimizing costs and identifying risks.
• Use tooling to evaluate the current environment
• Interview application owners
• Assign risk levels
• Create a full assessment report to share
• Develop a migration plan and schedule
Infrastructure is deployed without proper standards, governance, cost consideration and security. Self-service and experimentation can be a challenging proposition.
Reduced Speed and Accuracy in Deployments Problem:
• With 100s or possibly 1000s of workloads to deploy, many experience frustration related to deployment times and the rework required to fix deployments.
Road Blocks from Risk Management Solution:
• Educate and ensure the group is cloud-ready. Include the group in all the design phases of the prior items. Provide access to the platform:
• AWS Config
• CloudTrail
• Log access
• IAM Roles and Federation
essential to competition but inconsequential to strategy, the risks it creates become more important than the advantages it provides.” - Nicholas Carr IT Doesn’t Matter…
rights reserved.
Common Customer Scenario
Customer Layout: Customer has CloudTrail Logs and email alerting, but lacks operational expertise and/or bandwidth to analyze and respond to events
Customer Challenge: Too many data streams, no way to keep an eye on all of them
Solution: Centralized log visualization and analysis platform
GuardDuty Visualized
EC2 instance i-0bf6a7c59f is querying a domain name that is associated with Bitcoin-related activity.
GuardDuty Visualized
• GuardDuty findings are surfaced in a single dashboard
• Event severity and type are organized to allow quick threat assessment
• Excellent AWS Quick Start Template available called “Visualizing Amazon GuardDuty Findings”
GuardDuty Proactive
• GuardDuty finding triggered a CloudWatch Event
• CloudWatch Event targeted a Lambda function that replaced the offending server with a new instance
• Advanced options include server quarantine, ticket creation for follow-up investigation, etc.
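A sketch of the Lambda side of this flow, added here as an example and not taken from the presentation: it parses a GuardDuty finding delivered by CloudWatch Events, quarantines the instance, and detaches it from its Auto Scaling group so a replacement launches while the original is kept for investigation. The finding-type policy, severity threshold, tag key and `QUARANTINE_SG` placeholder are assumptions, and the sample event is constructed.

```python
import os

# Assumed policy (not from the slides): finding families and severity that trigger response.
RESPOND_PREFIXES = ("CryptoCurrency:EC2/", "Backdoor:EC2/", "Trojan:EC2/")
MIN_SEVERITY = 4.0  # GuardDuty medium and above
QUARANTINE_SG = os.environ.get("QUARANTINE_SG", "sg-PLACEHOLDER")  # group with no rules

# Constructed sample of a GuardDuty finding as delivered by CloudWatch Events.
SAMPLE_EVENT = {
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "constructed-finding-id",
        "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "severity": 8,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0bf6a7c59f"}},
    },
}

def plan_response(event):
    """Return (instance_id, finding_id) when the finding warrants action, else None."""
    detail = event.get("detail", {})
    resource = detail.get("resource", {})
    instance_id = resource.get("instanceDetails", {}).get("instanceId")
    if (event.get("source") != "aws.guardduty" or not instance_id
            or resource.get("resourceType") != "Instance"):
        return None
    if (float(detail.get("severity", 0)) < MIN_SEVERITY
            or not detail.get("type", "").startswith(RESPOND_PREFIXES)):
        return None
    return instance_id, detail.get("id", "unknown")

def respond(event, ec2, autoscaling):
    """Isolate the instance, keep it for forensics, let its ASG launch a replacement."""
    plan = plan_response(event)
    if plan is None:
        return {"action": "ignored"}
    instance_id, finding_id = plan
    ec2.create_tags(Resources=[instance_id],
                    Tags=[{"Key": "guardduty-finding", "Value": finding_id}])
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[QUARANTINE_SG])
    groups = autoscaling.describe_auto_scaling_instances(InstanceIds=[instance_id])
    for g in groups.get("AutoScalingInstances", []):
        autoscaling.detach_instances(InstanceIds=[instance_id],
                                     AutoScalingGroupName=g["AutoScalingGroupName"],
                                     ShouldDecrementDesiredCapacity=False)
    return {"action": "quarantined", "instance": instance_id}

def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be tested offline
    return respond(event, boto3.client("ec2"), boto3.client("autoscaling"))
```

The Lambda execution role needs only `ec2:CreateTags`, `ec2:ModifyInstanceAttribute`, `autoscaling:DescribeAutoScalingInstances` and `autoscaling:DetachInstances` for this path.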
Customer Scenario
Customer Layout: Customer is running a public-facing website on AWS. Customer has Amazon CloudWatch and Amazon VPC Flow Logs, but lacks operational expertise and/or bandwidth to analyze and respond to events
Customer Challenge: Too many data streams, no way to keep an eye on all of them
Solution: Centralized log visualization and analysis platform
Review Visualization Dashboard
• Notice high outbound packet communication with a single public IP
• Notice billing alert from autoscaling web pool
• Determine that this warrants immediate intervention