SUMMIT SYDNEY
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Preparing for systems of record in the cloud
Mathew Finch
Head of Emerging Technology
nib Group
Wayne Bozza
Head of Cybersecurity, IT
Governance & Risk
nib Group
ANNUAL GENERAL MEETING 2018 33
OUR PURPOSE: YOUR BETTER HEALTH
Protecting our members against the financial risk of disease,
sickness and injury
Access to world-class healthcare wherever members are in
the world
Helping members better prevent, manage and treat illness
Cloud & Data Platforms
Secure – Elastic – Resilient
Modern Digital Experience
Web – Mobile – API
Next Gen Core System
CRM – Modular – Capability
OUR CLOUD VISION
Agility & Innovation Culture
Experimentation Platform
Improved Cyber & Risk
Increased Resiliency
Reduced Operating Costs
Common Group Platform
TRANSITION APPROACH
Dec
2015
Apr
2016
May
2017
Oct
2017
Feb
2018
Aug
2017
Board Sign Off
First Production Release
PCI Certified Platform
100 Apps Live
nibby Chatbot Goes Live
Exploring Core System Transition
Oct
2015
Proof of Concept
So, what happened during the
last 12 months?
nib RISK CULTURE
“The bigger the brakes, the faster the car…”
REGULATORY CONTEXT
Local & Global
Regulators
Overlap with
Compliance
Requirements
Constantly
Evolving
REFERENCES
APRA Cloud Computing
Information Paper
AWS Well Architected
Framework
THE LAST 12 MONTHS…
Iterations
DEEP DIVE
KEY AREAS
1 Strategy
2 Operating Model
3 Procurement
4 Project Delivery
5 Governance
6 Solution Architecture
7 Security
8 Resiliency
9 Risk Management
10 Assurance
Cloud Specific Operating Model Changes
Platform Functional Overview
RED QUEEN PLATFORM TECHNOLOGY
Multi-AZ Design
Secure Bastions
Antivirus
Automated Patching
CIS Hardened Images
Account Separation
RDS Automation
Automated DR Tests
Application Routers
Secrets Management
Network Segmentation
Continuous Delivery
Speed
Safety
Foundations
& Patterns
POLICIES AS CODE
Policies Standards Codified Patterns Workloads Governance
PATTERNS
Features Infrastructure Web/API Extreme
Encryption at Rest & Transit
Hardened SOE & Vulnerability Management
Automatic High Availability
Least Privilege Admin Access
Automated Patching
Out of Band Point in Time Backup + Recovery
Restricted Approved Services
Contingency Plan Continuously Tested
RQP GOVERNANCE
Security
SECURITY OPERATIONS
Identify Protect Detect Respond Recover
Investigate
AWS CloudTrail AWS Config
AWS Systems
Manager
AWS
CloudWatch
AWS
Lambda
Amazon
GuardDuty
AWS CloudTrail AWS CloudWatch
AWS IAM AWS KMS
AWS Secrets Manager Amazon VPC
Identify Protect Detect Respond Recover
PRIVILEGED ACCESS MANAGEMENT – “BREAK GLASS”
AWS IAM
AWS CloudTrail
AWS CloudWatch
Bastion
AWS Systems
Manager
Security Group
Production
EC2 Instance
AWS Step
Functions
Amazon SES Amazon
API Gateway
AWS Lambda
AWS Lambda
Run Command
AWS KMS
Step Functions
Timer
Unique Encrypted
Credentials
Availability
AZ 1 AZ 2 AZ 3
AVAILABILITY ARCHITECTURE
Health Checks
Auto Scaling
Immutable Infrastructure
Stateless Compute
Micro-segmentation
Withstand Loss of AZ
Public
Private
Private
Auto Scaling group
ELB
Master / Slave DB
AVAILABILITY – PEOPLE & PROCESS
Monitor Detect Action / Alert Track
Detection is
automatic
Standard availability
patterns with health
checks & monitoring
Developers define
additional logs and
events to monitor
Autoscaling is
automatic
Incidents are tracked &
Post Incident Reviews held
with relevant stakeholders
On call engineer
paged if service
does not self heal
Notifications
posted to DevOps
and Developers
Availability incidents and
trends are reviewed in
governance forums
AVAILABILITY TESTING – “GORILLA”
AZ 1 AZ 2 AZ 3
Public
Private
Private
Auto Scaling group
ELB
Master / Slave DB
Recovery
CODIFIED BACKUP POLICIES
S3 & RDS Codified policies
Application Specific
Point in Time
Retention Aligned to BCP
MFA Delete & Versions
Segregation Between Accounts
Ephemeral assets
Transient assets
RDS Instance
level backup
Bunker account
RECOVERY
Recovery
Server
Application Server
Database Server
Backups Bucket
Bunker
Storage
Mirror
Recovered DB
X
Alternate Hosting Provider
Disruption Scenarios:
Collusion Between Parties
Compromised Credentials
Software Errors
Replication Issues
Failed Deployment
CONTINGENCY
Risk Tiering Contingency
for Material
Services
Establish
Alternate
Service Provider
Portability
Designs
Commercial
Exit Clauses
INSIGHTS
Key Takeaways… So Far
Your Journey is Context Specific – There's no Silver Bullet
Be Ready for Ongoing Dialogue
Use Multiple Frameworks & Partners
Your Cloud Journey is not just Technical
Remember the People – Culture, New skills, New Roles, Training
Get started Now!
Thank you!
Mathew Finch
m.finch@nib.com.au
Wayne Bozza
w.bozza@nib.com.au

Preparing for Systems of Record in the Cloud - AWS Summit Sydney

  • 1. SUMMIT SYDNEY
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Preparing for systems of record in the cloud. Mathew Finch, Head of Emerging Technology, nib Group; Wayne Bozza, Head of Cybersecurity, IT Governance & Risk, nib Group
  • 4. OUR PURPOSE: YOUR BETTER HEALTH. Protecting our members against the financial risk of disease, sickness and injury. Access to world-class healthcare wherever members are in the world. Helping members better prevent, manage and treat illness.
  • 5. Cloud & Data Platforms: Secure – Elastic – Resilient. Modern Digital Experience: Web – Mobile – API. Next Gen Core System: CRM – Modular – Capability.
  • 6. OUR CLOUD VISION: Agility & Innovation Culture; Experimentation Platform; Improved Cyber & Risk; Increased Resiliency; Reduced Operating Costs; Common Group Platform
  • 7. TRANSITION APPROACH: Dec 2015; Apr 2016; May 2017; Oct 2017; Feb 2018; Aug 2017; Board Sign Off; First Production Release; PCI Certified Platform; 100 Apps Live; nibby Chatbot Goes Live; Exploring Core System Transition; Oct 2015 Proof of Concept
  • 8. So, what happened during the last 12 months?
  • 9. nib RISK CULTURE: “The bigger the brakes, the faster the car…”
  • 10. REGULATORY CONTEXT: Local & Global Regulators; Overlap with Compliance Requirements; Constantly Evolving
  • 11. REFERENCES: APRA Cloud Computing Information Paper; AWS Well-Architected Framework
  • 12. THE LAST 12 MONTHS… Iterations
  • 14. KEY AREAS: 1 Strategy; 2 Operating Model; 3 Procurement; 4 Project Delivery; 5 Governance; 6 Solution Architecture; 7 Security; 8 Resiliency; 9 Risk Management; 10 Assurance
  • 15. Cloud Specific Operating Model Changes
  • 16. Platform Functional Overview
  • 17. RED QUEEN PLATFORM TECHNOLOGY: Multi-AZ Design; Secure Bastions; Antivirus; Automated Patching; CIS Hardened Images; Account Separation; RDS Automation; Automated DR Tests; Application Routers; Secrets Management; Network Segmentation; Continuous Delivery; Speed; Safety
  • 18. Foundations & Patterns
  • 19. POLICIES AS CODE: Policies; Standards; Codified Patterns; Workloads; Governance
  • 20. PATTERNS: Features, Infrastructure, Web/API, Extreme. Encryption at Rest & Transit; Hardened SOE & Vulnerability Management; Automatic High Availability; Least Privilege Admin Access; Automated Patching Out of Band Point in Time Backup + Recovery; Restricted Approved Services; Contingency Plan Continuously Tested
  • 21. RQP GOVERNANCE
  • 22. Security
  • 23. SECURITY OPERATIONS: Identify; Protect; Detect; Respond; Recover; Investigate. AWS CloudTrail; AWS Config; AWS Systems Manager; AWS CloudWatch; AWS Lambda; Amazon GuardDuty; AWS CloudTrail; AWS CloudWatch; AWS IAM; AWS KMS; AWS Secrets Manager; Amazon VPC. Identify; Protect; Detect; Respond; Recover
  • 24. PRIVILEGED ACCESS MANAGEMENT – “BREAK GLASS”: AWS IAM; AWS CloudTrail; AWS CloudWatch; Bastion; AWS Systems Manager; Security Group; Production EC2 Instance; AWS Step Functions; Amazon SES; Amazon API Gateway; AWS Lambda; AWS Lambda; Run Command; AWS KMS; Step Functions Timer; Unique Encrypted Credentials
  • 25. Availability
  • 26. AVAILABILITY ARCHITECTURE: AZ 1; AZ 2; AZ 3. Health Checks; Auto Scaling; Immutable Infrastructure; Stateless Compute; Micro-segmentation; Withstand Loss of AZ. Public; Private; Private; Auto Scaling group; ELB; Master / Slave DB
  • 27. AVAILABILITY – PEOPLE & PROCESS: Monitor; Detect; Action / Alert; Track. Detection is automatic. Standard availability patterns with health checks & monitoring. Developers define additional logs and events to monitor. Autoscaling is automatic. Incidents are tracked & Post Incident Reviews held with relevant stakeholders. On call engineer paged if service does not self heal. Notifications posted to DevOps and Developers. Availability incidents and trends are reviewed in governance forums.
  • 28. AVAILABILITY TESTING – “GORILLA”: AZ 1; AZ 2; AZ 3. Public; Private; Private; Auto Scaling group; ELB; Master / Slave DB
  • 29. Recovery
  • 30. CODIFIED BACKUP POLICIES: S3 & RDS; Codified policies; Application Specific Point in Time Retention Aligned to BCP; MFA Delete & Versions; Segregation Between Accounts; Ephemeral assets; Transient assets; RDS Instance level backup; Bunker account
  • 31. RECOVERY: Recovery Server; Application Server; Database Server; Backups Bucket; Bunker Storage Mirror; Recovered DB; Alternate Hosting Provider. Disruption Scenarios: Collusion Between Parties; Compromised Credentials; Software Errors; Replication Issues; Failed Deployment
  • 32. CONTINGENCY: Risk Tiering; Contingency for Material Services; Establish Alternate Service Provider; Portability Designs; Commercial Exit Clauses
  • 33. INSIGHTS
  • 34. Key Takeaways… So Far: Your Journey is Context Specific – There's no Silver Bullet; Be Ready for Ongoing Dialogue; Use Multiple Frameworks & Partners; Your Cloud Journey is not just Technical; Remember the People – Culture, New skills, New Roles, Training; Get started Now!
  • 35. Thank you! Mathew Finch, m.finch@nib.com.au; Wayne Bozza, w.bozza@nib.com.au