O'Reilly Velocity Europe

•

0 likes•236 views

Rekha Joshi

My slides on "Performance And Security: A Tale Of Two Cities" at O'Reilly Velocity Conference Europe

Technology

Performance And Security:
A Tale Of Two Cities
Rekha Joshi
Intuit
Rekha Joshi @rekhajoshm

About Me
Rekha Joshi
Principal Software Engineer, Intuit
https://www.linkedin.com/in/rekhajoshm
@rekhajoshm

Today
How Priorities Stack Up
Fast And Secure Services
Monitoring
Automation
Back To The Future!

Inherent Tension
Systems Not Performant Are Not Used
Systems Not Secure Do Not Last

Performance And Security: A Tale Of Two Cities
Image Credits: Bollywood

We Never Want Fast At Risk Of Safety
Image Credits: Disney

Recognizing Explicit Protection For Our Future
Choosing Your Leader Getting Through Airport
Image Credits: Internet Archive

Intuit - Performance Driven, Security Top Priority
Systems That Are Performant And Are Safe To Use
Systems That Are Secure And Are Usable

Consumers Small Businesses Accounting Professionals
Intuit – Who We Serve

Era of Windows Era of Web Era of the CloudEra of
DOS
Compliant
data
Mobile First
1980s 1990s 2000s
• Employees: 150
• Customers: 1.3M customers
• Revenue: $33M
• Employees: 4,500
• Customers: 5.6M
• Revenue: $1.04B
• Employees: 7,700
• Customers: 37M
• Revenue: $4.2B
20162010
Regulatory
data
Transactional data Batch data Real time data Complex, secure data
Intuit Landscape

Identification– Stop The Flood At The Gates
How many of you use passwords
known in bad passwords list?
How many of you use your
spouse or birthdates as
passwords?

Multi Factor Authentication
Push Approve
App Codes
Fingerprinting
Biometrics
USB ( Yubikeys)

Authorization
By The Power Of
Gray Skull,
You Do Not Have
The Power!
Image Credits: He-man And The Masters Of the Universe

Enforce Principle Of Least Privilege
Image Credits: Amazon Web Services

Making Security Easier
Custom Libraries
Secrets Management and Encryption
Data Classification, Governance and Stewardship
WhiteListing Process
Educating The Workforce

Where Are Performance Gains Coming From?
Image Credits: Silicon Valley

Configuration of Servers
Elasticity
Managing Memory
Optimized Instances
Using Enhanced Networking ( HVM vs PV)

Improving HTTP Protocol (HTTP/2)
Evolving
Compressed Headers
Multiplexing Request/Response
Reduced Number Of Connections
https://http2.github.io/

Codebase
Optimize, Tune Technology
Caching, Optimized Flows
Language Performance Improvement
Solution Path Analysis

Follow Your Customer Home
Explore How Your Customers Actually Use Your Product/Services

Monitoring Tools
AWS resource
alarms Custom App MetricsJVM and App
Metrics
Custom process
alerts
Logging and
alert
Receive an alert about an outage that hasn’t happened yet.
Prometheus.io
ElasticSearch
Kibana
LogStash
HipChat
Grafana

Logging And Audit
Manage Logs
Visibility on internal host state
Auto Anamoly Detection From Logs

Security Management
Vulnerability Testing
Network Analyzer
Threat Modeling
Mitigation
Continuous Monitoring

Injecting Performance Testing In CI
http://gatling.io/#/

Auto Notifications
Available Verified Patches For OS, AMI, Browsers, Mobile SDK
Available Patches For Possible Vulnerability/Threat

Automated Deployments
Making Configurations Easier To Change
Emergency Restacking

Back To The Future
The Future State?
Naturally Secure
And Performant
Systems!

Ahoy, Towards That Future!
Image Credits: Disney, Marvel comics

Rekha Joshi
Principal Software Engineer,
Intuit
Rekha Joshi @rekhajoshm
Thank You

Viewers also liked

Hadoop Summit 2016 - Evolution of Big Data Pipelines At Intuit

Rekha Joshi

CRM at capital one

Joshpin Bala.B

In my previous years’ talks at DevOps Enterprise Summit, I spoke about starting and scaling of DevOps at Capital One; importance of Open Source, Open Technology and Innovations in DevOps. This year, I will present Capital One’s journey of maturing in DevOps and Continuous Delivery. My presentation will cover our current areas of focus: Delivery Pipeline, Flow and Measurements. I will also share some of the problems we faced and what we did to solve them.

DOES SFO 2016 - Topo Pal - DevOps at Capital One

Gene Kim

Beautiful Monitoring With Grafana and InfluxDB

leesjensen

Capital One began moving to AWS just two years ago. Every day, the amount of traffic we serve from the cloud continues to grow. With development teams having the freedom to choose their own technology stacks, many teams have quickly started moving applications to Docker. In this session, learn how Capital One uses a combination of the Elastic Load Balancing service along with Application Load Balancer features to increase deployment speed and reliability.

AWS re:Invent 2016: From EC2 to ECS: How Capital One uses Application Load Ba...

Amazon Web Services

DockerCon EU 2015: The Latest in Docker Engine

Docker, Inc.

Capital One Digital Strategy - Rachel Shapiro

Rachel Shapiro

Video: https://www.youtube.com/watch?v=FJW8nGV4jxY and https://www.youtube.com/watch?v=zrr2nUln9Kk . Tutorial slides for O'Reilly Velocity SC 2015, by Brendan Gregg. There are many performance tools nowadays for Linux, but how do they all fit together, and when do we use them? This tutorial explains methodologies for using these tools, and provides a tour of four tool types: observability, benchmarking, tuning, and static tuning. Many tools will be discussed, including top, iostat, tcpdump, sar, perf_events, ftrace, SystemTap, sysdig, and others, as well observability frameworks in the Linux kernel: PMCs, tracepoints, kprobes, and uprobes. This tutorial is updated and extended on an earlier talk that summarizes the Linux performance tool landscape. The value of this tutorial is not just learning that these tools exist and what they do, but hearing when and how they are used by a performance engineer to solve real world problems — important context that is typically not included in the standard documentation.

Velocity 2015 linux perf tools

Brendan Gregg

Viewers also liked (8)

Hadoop Summit 2016 - Evolution of Big Data Pipelines At Intuit

CRM at capital one

DOES SFO 2016 - Topo Pal - DevOps at Capital One

Beautiful Monitoring With Grafana and InfluxDB

AWS re:Invent 2016: From EC2 to ECS: How Capital One uses Application Load Ba...

DockerCon EU 2015: The Latest in Docker Engine

Capital One Digital Strategy - Rachel Shapiro

Velocity 2015 linux perf tools

Similar to O'Reilly Velocity Europe

Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...

Rahul Neel Mani

Virtualization Conference Nov08 V2

Pini Cohen

Amazon Kinesis is a platform for streaming data on AWS, offering powerful services to make it easy to load and analyze streaming data. In this session, you'll learn about how AWS customers are transitioning from batch to real-time processing using Amazon Kinesis, and how to get started. We will provide an overview of streaming data applications and introduce the Amazon Kinesis platform and its services. We will walk through a production use case to demonstrate how to ingest streaming data, prepare it, and analyze it to gain actionable insights in real time using Amazon Kinesis. We will also provide pointers to tutorials and other resources so you can quickly get started with your streaming data application.

Analyzing Real-time Streaming Data with Amazon Kinesis

Amazon Web Services

Esm 5 08 V3

Pini Cohen

Amazon Web Services: Building a 'Web-Scale Computing' Architecture

goodfriday

apidays Helsinki & North 2023 API Ecosystems - Connecting Physical and Digital June 5 & 6, 2023 API Security in the era of Generative AI Matt Feigal, Partner Engineering Manager at Google Cloud Sweden ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...

apidays

Learning Objectives: - Get an overview of streaming data and it's application in analytics and big data. - Understand the factors driving the accelerating transformation of batch processing to real-time. - Learn how you should plan for incorporating data streaming in your analytics and processing workloads. Business can now easily perform real-time analytics on data that has been traditionally analyzed using batch processing in data warehouses or using Hadoop frameworks, and react to new information in minutes or seconds instead of hours or days. In this webinar, Forrester analyst Mike Gualtieri and Amazon Kinesis GM Roger Barga will discuss this prevalent trend, it's business significance, and how you should plan for it. You will also learn about the AWS services that can help you get started quickly with real-time, streaming applications fore your analytics and big data workloads.

Emerging Prevalence of Data Streaming in Analytics and it's Business Signific...

Amazon Web Services

Vazata Federal IaaS

ftculotta27

5 Years Of Building SaaS On AWS

Christian Beedgen

Virtualization Leadership Presentation - LONG and SHORT (April 2010)

IBM India Smarter Computing

Change auditing: Who, What, When, Where details for every change with 'before' and 'after' values Configuration assessment: State-in-time™ reports showing configuration settings at any point in time More than 200 predefined reports and dashboards with filtering, grouping, sorting, exporting, email subscriptions, drill-down, web access, granular permissions and ability to create custom reports AuditArchive™: scalable two-tiered storage (file-based + SQL database) holding consolidated audit data for up to and beyond 10 years Unified platform to audit the entire IT infrastructure (including systems that do not produce logs), as opposed to multiple hard-to-integrate standalone tools from other vendors

Change auditing: Determine who changed what, when and where

Giovanni Zanasca

Democratization - New Wave of Data Science (홍운표 상무, DataRobot) :: AWS Techfor...

Amazon Web Services Korea

Cloud Security for Startups - From A to E(xit)

Shahar Geiger Maor

Legacy monitoring and troubleshooting tools can limit visibility and control over your infrastructure and applications. Organizations must find monitoring and troubleshooting tools that can scale with the volume, variety and velocity of data generated by today’s complex applications in order to keep pace with business demands. Our upcoming webinar will discuss how Sumo Logic helped Scripps Networks harness cloud-native machine data analytics to improve application quality and reliability on AWS. Sumo Logic allows IT operations teams to visualize and monitor workloads in real-time, identify issues and expedite root-cause analysis across the AWS environment. Join us to learn: • How to migrate from traditional on-premises data centers to AWS with confidence • How to improve the monitoring and troubleshooting of modern applications • How Scripps Networks, a leading content developer, used Sumo Logic to optimize their transition to AWS Who should attend: Developers, DevOps Director/Manager, IT Operations Director/Manager, Director of Cloud/Infrastructure, VP of Engineering

Real-time Visibility at Scale with Sumo Logic

Amazon Web Services

Hw09 Large Scale Transaction Analysis

Cloudera, Inc.

The standard business model is changing rapidly changing. Companies used to be built for the long haul. But now, success is powered by rapid-paced innovation and the ability to get disruptive products to market first. You’re used to balancing resources between keeping things running and the development of new initiatives. But merely keeping the lights on doesn't differentiate you from your competitors.

The New Normal: Benefits of Cloud Computing and Defining your IT Strategy

Amazon Web Services

Sukumar Nayak-Agile-DevOps-Cloud Management

Sukumar Nayak

Advanced persistent threats

Network Intelligence India

[데브멘토tv]강사: 헨리코 세일즈포스닷컴 APAC 시니어 엔지니어_세일즈포스닷컴 활용 가이드 시연 2부 최종 -국내 처음 ‘포스닷컴’ 시연<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> -개발자 수익 100% 보장하는 앱 익스체인지의 비밀 -포스닷컴, 비즈니스 기회와 경영혁신 두마리 토끼 공략법

개발자 수익 100% 보장하는 앱 익스체인지의 비밀

mosaicnet

Security-testing presentation

Ezhilan Elangovan (Eril)

Similar to O'Reilly Velocity Europe (20)

Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...

Virtualization Conference Nov08 V2

Analyzing Real-time Streaming Data with Amazon Kinesis

Esm 5 08 V3

Amazon Web Services: Building a 'Web-Scale Computing' Architecture

apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...

Emerging Prevalence of Data Streaming in Analytics and it's Business Signific...

Vazata Federal IaaS

5 Years Of Building SaaS On AWS

Virtualization Leadership Presentation - LONG and SHORT (April 2010)

Change auditing: Determine who changed what, when and where

Democratization - New Wave of Data Science (홍운표 상무, DataRobot) :: AWS Techfor...

Cloud Security for Startups - From A to E(xit)

Real-time Visibility at Scale with Sumo Logic

Hw09 Large Scale Transaction Analysis

The New Normal: Benefits of Cloud Computing and Defining your IT Strategy

Sukumar Nayak-Agile-DevOps-Cloud Management

Advanced persistent threats

개발자 수익 100% 보장하는 앱 익스체인지의 비밀

Security-testing presentation

Recently uploaded

AI presentation and introduction - Retrieval Augmented Generation RAG 101

vincent683379

Intrigued by why some of the world's largest companies (Netflix, Google, Cisco, Twitter, Uber etc) are using gRPC? In this demo based talk we delve into the world of gRPC in .Net, what it does and why we should use it. We compare the interface with both Rest and graphQL. We will show you how to implement grpc server-side in .net and in the web. Finally, I will show you how the tooling helps you deliver powerful interfaces and interact with them quickly and simply.

Demystifying gRPC in .Net by John Staveley

John Staveley

This presentation focuses on the challenges and strategies of connecting problem definitions within product development. Key Points Covered: - Kayak's mission since its inception in 2004 to simplify travel by enabling easy comparisons of flights through technological solutions. - Discussion of the complexities within the travel industry, including the high expectations for personalized user experiences and the various stakeholder influences. - Emphasis on the necessity of maintaining agility and innovation within a mature company through continuous reassessment of processes. - An explanation of the importance of disciplined problem definition to prevent project failures and team inefficiencies. - Introduction of strategies for effective communication across teams to ensure alignment and comprehension at all levels of project development. - Exploration of various problem-solving methodologies, including how to handle conflicts within team settings regarding problem definitions and project directions.

Connecting the Dots in Product Design at KAYAK

UXDXConf

Designing inclusive products is not only a social responsibility but also a business imperative. This talk delves into the journey of creating accessible hardware products that cater to diverse user needs. Key Topics Covered: 1. Introduction to Inclusive Design - Importance of accessibility in product design - Overview of Comcast's commitment to making products accessible to a wide audience 2. Case Study: Xfinity Large Button Voice Remote - Initial challenges and the evolution of the product - User research and feedback that shaped the design - Key features of the final product and their benefits 3. Designing for Diverse Needs - Understanding human-centered design and its historical context - The impact of designing for people with disabilities on overall product quality - Examples from other industries, such as architecture and industrial design 4. Integrating Accessibility from the Beginning - The cost and efficiency benefits of designing for accessibility from the start - The process of embedding accessibility as a core trait rather than an optional feature 5. Real-World Impact and Continuous Improvement - Insights from in-home studies with users having assistive needs - How continuous feedback and iterative design lead to better products - The role of inclusive research and development practices

Designing for Hardware Accessibility at Comcast

UXDXConf

IESVE for Early Stage Design and Planning

IES VE

When you think of a highly secure meeting environment, do you instantly think 'Microsoft Teams'!? Or do you think about some unknown application, troublesome UI and daunting login process...? If you think the latter - let's change that! In this session Femke will show you how using Teams Premium features can create secure, but also good looking meetings! PRETTY. Make sure your company's brand is represented before, during and after the meeting with Customization policies in place. SECURE. Lets utilize Meeting templates and Sensitivity Labels to protect your meeting and data to prevent sensitive information from being leaked. After this session, you will have a clear understanding of the capabilities of Teams Premium features and how to set up the perfect meeting that suits your organizational requirements!

ECS 2024 Teams Premium - Pretty Secure

Femke de Vroome

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “Enterprise Knowledge Graphs: The Importance of Semantics” on May 9, 2024, at the annual Data Summit in Boston. In her presentation, Hedden describes the components of an enterprise knowledge graph and provides further insight into the semantic layer – or knowledge model – component, which includes an ontology and controlled vocabularies, such as taxonomies, for controlled metadata. While data experts tend to focus on the graph database components (RDF triple store or a label property graph), Hedden emphasizes they should not overlook the importance of the semantic layer.

Enterprise Knowledge Graphs - Data Summit 2024

Enterprise Knowledge

How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf

FIDO Alliance

What's New in Teams Calling, Meetings and Devices April 2024

Stephanie Beckett

Explore the core of Salesforce success in 'Salesforce Adoption – Metrics, Methods, and Motivation.' We will discuss essential metrics, effective methods to drive adoption, and the driving force behind user engagement and explore strategies for onboarding, training, and continuous support that empower users to navigate the platform seamlessly. By leveraging these tools, you can effectively measure adoption against your company’s goals and create an environment where users not only adopt Salesforce but actively contribute to its ongoing success.

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

CzechDreamin

Extensible Python: Robustness through Addition - PyCon 2024

Patrick Viafore

Agentic RAG What it is its types applications and implementation.pdf

ChristopherTHyatt

ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...

FIDO Alliance

Intro in Product Management - Коротко про професію продакт менеджера

Mark Opanasiuk

Syngulon’s technology expands the capacity for selection of microorganisms. The ability to select individual microbes with a behavior of interest is essential, whether for simple cloning at the bench, or for industry-scale production. Synthetic biology uses the concept of “bioengineering” to improve or modify existing genetic systems to create microbes with desired behaviors, and Syngulon uses this approach to develop its selection technologies. This selection technology is based on bacteriocins, ribosomally-produced peptides naturally made by most bacteria to kill competitive microbial species. These bacteriocins can have a limited or wide target range against other microbial species. This technology offers advantageous over antibiotic selection for several reasons: it avoids the use of antibiotics in the first place, helping to reduce the spread of antibiotic resistant microbes. The technology also increases product yield; as bacteriocins are generally smaller peptides, they do not impose a heavy metabolic burden on the producing cell. They can have a wide target specificity, helping to avoid genetic drift. Finally, our system is 100% plasmid-based (e.g. without chromosomal mutations), making it applicable for use in any E. coli strains.

Syngulon - Selection technology May 2024.pdf

Syngulon

This talk focuses on the practical aspects of integrating various telephony systems with Salesforce, drawing on examples from implementations in the Czech scene. It aims to inform attendees about the spectrum of telephony solutions available, from small to large scale, and their compatibility with Salesforce. The presentation will highlight key considerations for selecting a telephony provider that integrates smoothly with Salesforce, including important questions to support the decision-making process. It will also discuss methods for integrating existing telephony systems with Salesforce, aimed at companies contemplating or in the process of adopting this CRM platform. The discussion is designed to provide a straightforward overview of the steps and considerations involved in telephony and Salesforce integration, with an emphasis on functionality, compatibility, and the practical experiences of Czech companies.

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

CzechDreamin

This talk offers actionable insights at an executive level for enhancing productivity and refining your portfolio management approach to propel your organization to greater heights. Key Points Covered: 1. Experience Transformation: - The core challenge remains consistent across organizations: converting budget into user-centric designs. - Strategies for deploying design resources effectively in both startups and large enterprises. 2. Strategic Frameworks: - Introduction to the "Ziggurat of Impact" model, detailing layers from basic system interactions to comprehensive customer experiences. - Practical insights on creating frameworks that scale with organizational complexity. 3. Organizational Impact: - Real-world examples of navigating design in large settings, focusing on the synthesis of consumer products and customer experiences. - Emphasis on the importance of designing systems that directly influence customer interactions. 4. Design Execution: - Detailed walkthrough of organizational layers affecting design execution, from touchpoints and customer activities to shared capabilities. - How to ensure design influences both the micro and macro aspects of customer interactions. 5. Measurement and Adaptation: - Techniques for measuring the impact of design decisions and adapting strategies based on data-driven insights. - The critical role of continuous improvement and feedback in refining customer experiences.

Structuring Teams and Portfolios for Success

UXDXConf

The Metaverse: Are We There Yet?

Mark Billinghurst

The Epson EcoTank L3210 is a high-performance and cost-efficient printer designed to meet the printing needs of both home users and small businesses. Equipped with Epson’s revolutionary EcoTank ink tank system, the Epson eliminates the need for traditional ink cartridges, thereby significantly reducing printing costs and plastic waste. With its PrecisionCore technology, this printer delivers sharp, vibrant prints for both documents and photos. Its user-friendly design ensures easy setup and operation, while its compact form factor saves valuable desk space. Whether it’s everyday printing jobs or creative projects, the Epson EcoTank L3210 provides a reliable and eco-friendly printing solution.

Buy Epson EcoTank L3210 Colour Printer Online.pdf

EasyPrinterHelp

In this session, we will showcase how to revolutionize automated testing for your software, automation, and QA teams with UiPath Test Suite. In part 1 of UiPath test automation using UiPath Test Suite – developer series, we will cover, Software testing overview What is software testing Why software testing is required Typical test types and levels Continuous testing and challenges Introduction to UiPath Test Suite UiPath Test Suite family of products Speaker: Atul Trikha, Chief Technologist & Solutions Architect, Peraton and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 1

DianaGray10

Recently uploaded (20)

AI presentation and introduction - Retrieval Augmented Generation RAG 101

Demystifying gRPC in .Net by John Staveley

Connecting the Dots in Product Design at KAYAK

Designing for Hardware Accessibility at Comcast

IESVE for Early Stage Design and Planning

ECS 2024 Teams Premium - Pretty Secure

Enterprise Knowledge Graphs - Data Summit 2024

How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf

What's New in Teams Calling, Meetings and Devices April 2024

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

Extensible Python: Robustness through Addition - PyCon 2024

Agentic RAG What it is its types applications and implementation.pdf

ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...

Intro in Product Management - Коротко про професію продакт менеджера

Syngulon - Selection technology May 2024.pdf

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

Structuring Teams and Portfolios for Success

The Metaverse: Are We There Yet?

Buy Epson EcoTank L3210 Colour Printer Online.pdf

UiPath Test Automation using UiPath Test Suite series, part 1

O'Reilly Velocity Europe

1. Performance And Security: A Tale Of Two Cities Rekha Joshi Intuit Rekha Joshi @rekhajoshm

2. About Me Rekha Joshi Principal Software Engineer, Intuit https://www.linkedin.com/in/rekhajoshm @rekhajoshm

3. Today How Priorities Stack Up Fast And Secure Services Monitoring Automation Back To The Future!

4. Inherent Tension Systems Not Performant Are Not Used Systems Not Secure Do Not Last

5. Performance And Security: A Tale Of Two Cities Image Credits: Bollywood

6. We Never Want Fast At Risk Of Safety Image Credits: Disney

7. Recognizing Explicit Protection For Our Future Choosing Your Leader Getting Through Airport Image Credits: Internet Archive

8. Intuit - Performance Driven, Security Top Priority Systems That Are Performant And Are Safe To Use Systems That Are Secure And Are Usable

9. Consumers Small Businesses Accounting Professionals Intuit – Who We Serve

10. Era of Windows Era of Web Era of the CloudEra of DOS Compliant data Mobile First 1980s 1990s 2000s • Employees: 150 • Customers: 1.3M customers • Revenue: $33M • Employees: 4,500 • Customers: 5.6M • Revenue: $1.04B • Employees: 7,700 • Customers: 37M • Revenue: $4.2B 20162010 Regulatory data Transactional data Batch data Real time data Complex, secure data Intuit Landscape

11. Secure Services

12. Identification– Stop The Flood At The Gates How many of you use passwords known in bad passwords list? How many of you use your spouse or birthdates as passwords?

13. Multi Factor Authentication Push Approve App Codes Fingerprinting Biometrics USB ( Yubikeys)

14. Authorization By The Power Of Gray Skull, You Do Not Have The Power! Image Credits: He-man And The Masters Of the Universe

15. Enforce Principle Of Least Privilege Image Credits: Amazon Web Services

16. Making Security Easier Custom Libraries Secrets Management and Encryption Data Classification, Governance and Stewardship WhiteListing Process Educating The Workforce

17. Fast Services

18. Where Are Performance Gains Coming From? Image Credits: Silicon Valley

19. Configuration of Servers Elasticity Managing Memory Optimized Instances Using Enhanced Networking ( HVM vs PV)

20. Improving HTTP Protocol (HTTP/2) Evolving Compressed Headers Multiplexing Request/Response Reduced Number Of Connections https://http2.github.io/

21. Codebase Optimize, Tune Technology Caching, Optimized Flows Language Performance Improvement Solution Path Analysis

22. Follow Your Customer Home Explore How Your Customers Actually Use Your Product/Services

23. Continuous Monitoring

24. Monitoring Tools AWS resource alarms Custom App MetricsJVM and App Metrics Custom process alerts Logging and alert Receive an alert about an outage that hasn’t happened yet. Prometheus.io ElasticSearch Kibana LogStash HipChat Grafana

25. Logging And Audit Manage Logs Visibility on internal host state Auto Anamoly Detection From Logs

26. Performance Management

27. Security Management Vulnerability Testing Network Analyzer Threat Modeling Mitigation Continuous Monitoring

28. Automation

29. Injecting Performance Testing In CI http://gatling.io/#/

30. Auto Notifications Available Verified Patches For OS, AMI, Browsers, Mobile SDK Available Patches For Possible Vulnerability/Threat

31. Automated Deployments Making Configurations Easier To Change Emergency Restacking

32. Back To The Future The Future State? Naturally Secure And Performant Systems!

33. Ahoy, Towards That Future! Image Credits: Disney, Marvel comics

34. Rekha Joshi Principal Software Engineer, Intuit Rekha Joshi @rekhajoshm Thank You

O'Reilly Velocity Europe

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (8)

Similar to O'Reilly Velocity Europe

Similar to O'Reilly Velocity Europe (20)

More from Rekha Joshi

More from Rekha Joshi (7)

Recently uploaded

Recently uploaded (20)

O'Reilly Velocity Europe