Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
270
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
610
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
Bucharest Tech Week 2026 - Reinventing testing practices in the AI era
edeandrea
PRO
1
150
Agent Skills設計で柔軟性と硬さのバランスが難しい話
nassy20
0
130
2026 TECHFRESH 畢業分享會 - AI-Native 重塑軟體工程與虛擬講師
line_developers_tw
PRO
0
890
MIERUNE JCT 発表資料「宇宙から伊能忠敬ごっこ」
syuchimu
0
220
プロダクト開発から業務改善コンサルまで。事業全体へ「染み出す」ことで広がるエンジニアの可能性
ham0215
0
120
Claude Codeをどのように キャッチアップしているか
oikon48
12
7k
2026TECHFRESH畢業分享會 - Lightning Talk - E起 See See : 電商推薦讀心術? 數據說了算
line_developers_tw
PRO
0
880
SONiC Scale-Up Working Group から探る Scale-UpやUltraEthernet機能の実装方法
ebiken
PRO
2
140
2026TECHFRESH畢業分享會 - AI 時代的人生存檔點
line_developers_tw
PRO
0
890
あなたの AI ワークスペースに、 専門コーダーを連れてくる - Amazon Quick Desktop 最新情報
kawaji_scratch
1
130
AIっぽい文章を採点して人間らしく直すアプリを作ってみた
yama3133
2
140
RSA暗号を手計算したくなること、ありますよね?? (20260615_orestudy6_rsa)
thousanda
0
310
Featured
See All Featured
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Testing 201, or: Great Expectations
jmmastey
46
8.2k
Design in an AI World
tapps
1
240
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
55k
The Illustrated Guide to Node.js - THAT Conference 2024
reverentgeek
1
380
It's Worth the Effort
3n
188
29k
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.3k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
860
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
330
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
konakalab
0
450
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.3k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
65
55k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
edeandrea
nassy20
line_developers_tw
syuchimu
ham0215
oikon48
ebiken
kawaji_scratch
yama3133
thousanda
aleyda
jmmastey
tapps
destraynor
reverentgeek
3n
ivargrimstad
bluesmoon
tammyeverts
konakalab
charlesmeaden
soudai
