© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Jonathan Allen - AWS Enterprise Strategy 2018 The Future of Enterprise IT: Lessons Learned

Jonathan Allen - AWS Enterprise Strategy

2018

The Future of Enterprise IT: Lessons Learned

Personal career timeline

System Integrator

Energy Sector

1996 1998 2000 2017

Compelling reasons to move Cloud

Agility/dev productivity

Digital transformation

Data center consolidation

Cost Reduction

Large scale compute intensive workloads

Acquisitions or divestitures

Colocation or outsourcing contract changes

Facility or real-estate decisions

What if you could devote more resources to the things that matter and move faster while being more secure?

Largest Number Of Enterprise Customers

What we’ll cover:

Modern Product Development
How Amazon achieves flow
How to transform your Enterprise IT

Methods and Principles of Modern Product Development

DevOps: Interface for getting stuff built and released
Agile Teaming: The organizational glue that keeps release cycle moving continuously
Design Thinking: Interface to customer and feedback loop

Design Thinking is just…

User Centered Design

Practical Principles: Design Thinking

1. First gain empathy: Bring the outside in
2. Then frame the problems: Pinpoint the pain point
3. Now you can ideate: Radical ideas, real impact
4. Run simple, fast, frugal tests: Build to learn

Agile Teaming
Focus: respond quickly to feedback

Agile Principle: Learning over following a plan

Each Agile framework has a way of bringing feedback into its workstream

SCRUM
Continuously groomed backlog
No changes to work plan made during sprint
Product increment: must be completed, integrated and tested

KANBAN
Finish task and pull forward next work item
Uses work-in-progress (WIP) limits and cycle-time to manage flow of new development
Adapted from Toyota Production System

XP – Extreme Programming
Emphasizes technical excellence as a way to remain agile
Pair programming and code reviews are common methods
Frequent checkpoints - Allows for constant feedback on customer requirements

Practical Principles: Agile

1. Rip the Band-Aid off, but have mercy: Use release maps
2. Keeping it real…and small: Two pizza team model
3. Show something every sprint: Power of the demo
4. Trap: Agile by the book: Find your agile center

DevOps
Focus: promote and enable fast feedback

DevOps Principles
Automate all things
Eliminate handoffs
Establish guardrails

All of these reduce cycle time and allow builders to focus on product, quickly deploying and collecting feedback

Putting the Pieces Together: Finding Organizational Flow

DevOps, Agile Teaming, Design Thinking

MVP
Minimum Viable Product: What is the smallest thing you can test to prove the unproven parts of your idea

Start with value hypothesis and growth hypothesis
Run small experiments to see if there is both value and demand
Bias towards many small tests vs. larger, extended ones
Persevere or pivot early based on results

“One accurate measurement is worth more than a thousand expert opinions.” - Admiral Grace Hopper

Typical Release Testing

Most tests occur late in process

Concept
Dev
Deployment: Functional, Acceptance, Performance, Security/Compliance
Production: Monitor, Respond to Defects/Incidents

Continuous Testing

Always Be Testing

Concept: Hypothesis, A/B, MVP
Development: Functional, Acceptance, Performance, Security/Compliance
Deployment: Functional, Acceptance, Performance, Security/Compliance, Canary
Production: Prod Testing, Chaos Engineering, User Testing Feedback

How Amazon Achieves Flow

Working Backwards: From the customer
Two Pizza Teams: Run what you build
Microservices: Speed and agility

Working backwards from the customer

Write the Press Release: Think big and focus on the customer need
Write the FAQ: Customer and internal stakeholder
Define the user interaction and write the manual

Amazon Achieves Speed and Agility with Two-Pizza Teams

Small, decentralized teams are nimble

Own/run what you build

Monoliths: Slow and Rigid

[Diagram labels: Developers, Monolithic Application, Delivery Pipeline (Build, Test, Release)]

Microservices: Speed and Agility

[Diagram labels: Developers, Microservices, Delivery Pipelines (Build, Test, Release for each pipeline)]

Microservices Principles

Single Purpose
API-based
Highly-decoupled

Impact of Cloud on Product Development

Quickly Scaling Winning Ideas
Rapid Adoption of New Capabilities
Reducing Cost of Failure

Traditional Enterprise IT

Products & Services (CTO/VP Applications): Digital Products, Brand Websites, Mobile Applications, Point of Sale Systems, Commerce
Back Office Systems (CIO/VP Corp Systems): E-mail, Productivity, Collaboration, HR, Finance, ERP
End User Computing (VP IT Support): Desktop Support, Device Management, Telephony, IT Support
Information Security (CISO): Encryption, Key Management, Identity Management, Firewalls, IDS, DDoS
Infrastructure/Delivery (VP Infrastructure): PMO, Engineering, Operations, Design

Future of Enterprise IT – Hybrid state

Products & Services (CTO/VP Applications)
Back Office Systems (CIO/VP Corp Systems)
End User Computing (VP IT Support)
Information Security
Infrastructure/Delivery (VP Infrastructure)
Cloud CBO & CCoE

“Declare a Bold Cloud Objective”

Single-threaded leader

2-pizza cloud business office

Single-Threaded Leader

Procurement, CISO, CFO, Head of Infrastructure

Head of Delivery

Engineering Risk Leader

Audit Leader

HR, Legal

“If you can't feed a team with two pizzas, the team is too large.” - Jeff Bezos

Step 1: Build a two-pizza Cloud Tiger Team

Step 2: Staff your Cloud Tiger Team

Cloud Adoption Framework – People Perspective

Product Manager
Lead Architect
Infrastructure Engineers
Security Engineers
Operations Engineers
Application Engineers

Leadership, Infrastructure, Security, Operations, Applications

Get clear on your objectives

Security objectives
Availability objectives
Cost objectives
Feature & TTM objectives
Compliance objectives

AGREEMENT

Get clear on your objectives: Cost

5-Year On-Premise vs. Cloud Costs = (GAAP) savings of 68.9%

[Pie chart, On-Premise. Legend: Facility (lease/power/maint), Facility Improvements, Connectivity, Hardware - Refresh/Growth, Hardware - Buildout, Software. Slice values: 21%, 1%, 2%, 42%, 26%, 8%]

[Pie chart, AWS. Legend: Cloud, Software. Slice values: 84%, 16%]

Get clear on your objectives: Security

Customer: Customer is responsible for security in the cloud
Customer data
Platform, applications, identity, & access management
Operating system, network, & firewall configuration
Client-side data encryption & data integrity authentication
Server-side encryption (file system &/or data)
Network traffic protection (encryption/integrity/identity)

AWS: AWS is responsible for security of the cloud
Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge locations

Get clear on your objectives

AWS has a deep set of security tooling

Networking
Virtual Private Cloud: Isolated cloud resources
Web Application Firewall: Filter malicious web traffic
Shield: DDoS protection
Certificate Manager: Provision, manage, and deploy SSL/TLS certificates

Encryption
Key Management Service: Manage creation and control of encryption keys
CloudHSM: Hardware-based key storage
Server-Side Encryption: Flexible data encryption options

Identity & management
IAM: Manage user access and encryption keys
SAML Federation: SAML 2.0 support to allow on-premises identity integration
Directory Service: Host and manage Microsoft Active Directory
Organizations: Manage settings for multiple accounts

Compliance
Service Catalog: Create and use standardized products
Config: Track resource inventory and changes
CloudTrail: Track user activity and API usage
CloudWatch: Monitor resources and applications
Inspector: Analyze application security

Security
Macie: Discover, classify & protect data

Get clear on your objectives: Compliance

🌐 = industry or global standard

Certifications & attestations
Cloud Computing Compliance Controls Catalogue (C5) 🇩🇪 ✔
Cyber Essentials Plus 🇬🇧 ✔
DoD SRG 🇺🇸 ✔
ENS High 🇪🇸
FedRAMP 🇺🇸 ✔
FIPS 🇺🇸 ✔
IRAP 🇦🇺 ✔
ISO 9001 🌐 ✔
ISO 27001 🌐 ✔
ISO 27017 🌐 ✔
ISO 27018 🌐 ✔
K-ISMS (Korea) ✔
MLPS Level 3 🇨🇳 ✔
MTCS 🇸🇬 ✔
PCI DSS Level 1 💳 ✔
SEC Rule 17-a-4(f) 🇺🇸 ✔
SOC 1, SOC 2, SOC 3 🌐

Laws, regulations, and privacy
Argentina Data Privacy ✔
CISPE 🇪🇺 ✔
FERPA 🇺🇸 ✔
GDPR 🇪🇺 ✔
GLBA 🇺🇸 ✔
HIPAA 🇺🇸 ✔
HITECH 🌐 ✔
IRS 1075 🇺🇸 ✔
ITAR 🇺🇸 ✔
My Number Act 🇯🇵 ✔
Data Protection Act–1988 🇬🇧 ✔
VPAT/Section 508 🇺🇸 ✔
Privacy Act [Australia] 🇦🇺
Privacy Act [New Zealand] 🇳🇿 ✔
PDPA—2010 [Malaysia] 🇲🇾 ✔
PDPA—2012 [Singapore] 🇸🇬 ✔
PIPEDA [Canada] 🇨🇦 ✔
Spanish DPA Authorization 🇪🇸 ✔

Alignments & frameworks
CIS (Center for Internet Security) 🌐 ✔
CJIS (US FBI) 🇺🇸 ✔
CSA (Cloud Security Alliance) 🌐 ✔
EU-US Privacy Shield 🇪🇺 ✔
FFIEC ✔
FISC 🇯🇵 ✔
FISMA 🇺🇸 ✔
G-Cloud 🇬🇧 ✔
GxP (US FDA CFR 21 Part 11) 🇺🇸 ✔
ICREA 🌐 ✔
IT Grundschutz 🇩🇪 ✔
MITA 3.0 (US Medicaid) 🇺🇸 ✔
MPAA 🇺🇸 ✔
NIST 🇺🇸 ✔
Uptime Institute Tiers 🌐 ✔
Cloud Security Principles 🇬🇧 ✔

Get clear on your objectives: Availability

Availability | Downtime per year | Categories
95% (1-nine) | 18 days 6 hours | Batch processing, data extraction, load jobs
99% (2-nines) | 3 days 15 hours | Internal tools, project tracking
99.9% (3-nines) | 8 hours 45 minutes | Online commerce
99.99% (4-nines) | 52 minutes | Video delivery, broadcast systems
99.999% (5-nines) | 5 minutes | Telecom industry (ATM Transactions)

Get clear on your objectives: Availability

…availability in series

Part X, Part Y

$A = A_X \cdot A_Y$

Component | Availability | Downtime
X | 99% (2-nines) | 3 days 15 hours
Y | 99.99% (4-nines) | 52 minutes
X and Y Combined | 98.99% | 3 days 16 hours 33 minutes

Get clear on your objectives: Availability

Part X, Part X

$A = 1 - (1 - A_X)^2$

Component | Availability | Downtime
X | 99% (2-nines) | 3 days 15 hours
Two X in parallel | 99.99% (4-nines) | 52 minutes
Three X in parallel | 99.9999% (6-nines) | 31 seconds

Get clear on your objectives: Availability

AWS Region: Availability Zone A, Availability Zone B, Availability Zone C

Multi-AZ—well-architected

[Diagram: APPLICATION across Availability Zone A, Availability Zone B, Availability Zone C]
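
The series and parallel formulas from the availability slides, worked through as an added Python example (not part of the original deck). It generalizes the squared term to n redundant copies and to a multi-tier stack replicated across zones; it assumes copies fail independently, the tier values in the demo are constructed, and all function names are illustrative.

```python
from fractions import Fraction
from math import prod

SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year


def series(*parts: Fraction) -> Fraction:
    """All parts must be up at once: A = A_X * A_Y * ..."""
    return prod(parts, start=Fraction(1))


def parallel(a: Fraction, n: int) -> Fraction:
    """n redundant copies, any one is enough: A = 1 - (1 - A_X)^n.

    Only valid if the copies fail independently (no shared power,
    network, deployment pipeline or credentials).
    """
    return 1 - (1 - a) ** n


def downtime_seconds(a: Fraction) -> float:
    """Expected downtime per year for availability a."""
    return float((1 - a) * SECONDS_PER_YEAR)


def replicas_needed(a: Fraction, target: Fraction, limit: int = 16) -> int:
    """Smallest number of parallel copies of a part that meets the target."""
    for n in range(1, limit + 1):
        if parallel(a, n) >= target:
            return n
    raise ValueError("target not reachable within replica limit")


def stack_availability(tiers: list[Fraction], zones: int) -> Fraction:
    """Tiers in series, each tier replicated in parallel across zones."""
    return series(*(parallel(a, zones) for a in tiers))


if __name__ == "__main__":
    x, y = Fraction("0.99"), Fraction("0.9999")
    print("X and Y in series:", float(series(x, y)))
    print("two X in parallel:", float(parallel(x, 2)))
    print("three X in parallel:", float(parallel(x, 3)),
          "->", downtime_seconds(parallel(x, 3)), "s/year")
    print("copies of X for five nines:",
          replicas_needed(x, Fraction("0.99999")))

    # Constructed three-tier stack: web, app, database.
    tiers = [Fraction("0.99"), Fraction("0.99"), Fraction("0.999")]
    for zones in (1, 2, 3):
        a = stack_availability(tiers, zones)
        print(f"{zones} zone(s): {float(a):.7f}, "
              f"{downtime_seconds(a) / 3600:.2f} h/year down")
```

Exact fractions are used so that results such as 0.9999 compare equal to the target instead of falling just short through floating-point rounding.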

Get clear on your objectives: Feature & TTM

[Figure: AWS platform overview, 100+ Services…]

Panel titles: CORE SERVICES; INFRASTRUCTURE; SECURITY & COMPLIANCE; MANAGEMENT TOOLS; APP SERVICES; MIGRATION; HYBRID ARCHITECTURE; ENTERPRISE APPS; MACHINE LEARNING; IoT; MOBILE SERVICES; DEV OPS; ANALYTICS; MARKETPLACE; TECHNICAL & BUSINESS SUPPORT

Compute: VMs, Auto-scaling, Load Balancing, Containers, Virtual Private Servers, Batch Computing, Cloud Functions, Elastic GPUs, Edge Computing
Storage: Object, Blocks, File, Archivals, Import/Export, Exabyte-scale data transfer
CDN
Databases: Relational, NoSQL, Caching, Migration, PostgreSQL compatible
Networking: VPC, DX, DNS
Regions, Availability Zones, Points of Presence

Security & Compliance: Identity Management, Key Management & Storage, Monitoring & Logs, Configuration Compliance, Web Application Firewall, Assessment & Reporting, Resource & Usage Auditing, Access Control, Account Grouping, DDOS Protection

Marketplace: Business Apps, Business Intelligence, DevOps Tools, Security, Networking, Storage, Databases

Scale beyond the “two-pizza” team

Cloud Business Office (Leader)
Cloud Engineering (Leader)

On-Boarding, Finance, Enterprise Architecture, Change Mgmt, Communications, Governance

Leadership, Infrastructure, Security, Operations, Applications

Operations Engineering, Infrastructure Engineering, Security Engineering

Engineering teams will specialize in an area, but will have a common set of skills shared across all product teams

Trust, but verify

Trust: Security objectives, Availability objectives, Cost objectives, Feature & TTM objectives, Compliance objectives

Verify: Capital One Cloud Custodian

AWS Enterprise Strategy

@jonathanallen02

2018

Thank You!