Enabling Transformation through Agility & Innovation - AWS Transformation Day Seattle 2019

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
08.22.19

S E A T T L E
Enabling Transformation
Through Agility and Innovation
Clarke Rodgers
Enterprise Strategy
08.22.19

90%
of companies are engaging in
some form of digitization
16%
feel they are responding
to digital disruption with a bold
strategy at scale
Source: McKinsey
Enterprises feel pressure to close the gap

IT cultural trends we are seeing
WHILE THIS IS PROGRESS, IT’S NOT ENOUGH
Moving towardMoving from
Learning (start small, experiment, and iterate)
Decentralized ownership (guardrails versus gates)
DevOps and cross-functional teams
Automate: Infra-as-code, redeploy every time
Adopt early and often
Reference architecture, few standards
Talent insourcing/niche partnering
Failure is not an option
Command-and-control
Silos “throw it over the wall”
Build/deploy in place
Long due diligence
Standardization
Talent outsourcing

Business agility is the goal
According to The Agility Paradox by Peter Weill, Director at MIT Sloan
School of Management:
• Organizational Agility is the ability to respond, decide, embrace
change, and execute quickly
• “Time to execute” continues to shrink as digitally enabled start-ups reinvent
the market
• Agility is no longer a choice but mandatory to compete in today’s
digital landscape
• It is critical for all organizations, regardless of size to
Think Agile, Act Agile, and Be Agile

Jeff Bezos
CEO, Amazon.com
Most large organizations
embrace the idea of
invention, but are not
willing to suffer the string
of failed experiments
necessary to get there.
Our success at Amazon is
a function of how many
experiments we do per
year, per month, per week,
per day.

Existing
infrastructure
Established
processes
Cultural
resistance
Change is hard

McDonald’s brings
home delivery to
market in four months
“This was a four month-duration for us—
from idea, to development to massive
scale. That's the new norm that we see
everyday.”
– Thilina Gunasinghe, Chief Technology Architect,
McDonald’s
Cost sensitive—
selling hamburgers!
Multi-country
support, each
with multiple
delivery partners
Scalability and
reliability to deliver
over 1 million
orders per hour

How do you lead your organization
through a transformation?

Driving business value
through innovation and agility requires…
Change in mindset
and approach
Communicating
your vision
Change
management

Change in mindset
and approach

Driving Business Value …. means Playing Offense:
Change Agents play offense …. incumbents play defense
Change in mindset
and approach
Leadership versus Management
Organize around outcomes versus
projects
Focus on maximizing available
technology to drive business value

Management versus leadership
Management (defense)
Planning and budgeting
Organizing and staffing
Controlling and problem solving
Leadership (offense)
Establishing direction
Aligning people
Motivating and inspiring
CH ANGEOR D ER

Organize around business outcomes
Change the mindset for your team and redefine your approach
Product
Continuous development
Customer defines roadmap
Measured by output
& outcomes
Business objective
Maximize a strategic KPI
Types of KPIs: Minimize
waste, increase conversion
Measured by outcomes
Project
Pre-defined
requirements scope
and schedule
Deliver what
was planned
Measured by output

Start with the customer and
then work backwards
Press Release
FAQ
Working backwards
Customer
Press Release
FAQ
User Manual

From: defining business and IT strategy
Business IT

To: business value enabled by technology
Business
outcomes
Maximizing
value from
technology

GE Healthcare creates
new digital business
“Advancing medical outcomes requires
processing large amounts of healthcare data
with governed access to that data for research
as well as clinical application…We chose AWS
for GE Health Cloud for its breadth of services
and commitment to making those services
compliant with global health data regulations,
which was key for us."
–Mitch Jackson, Vice President of Cloud Strategy
and Technology, GE Healthcare Digital
Establishes an
ecosystem for
innovation
Improves diagnoses
and treatment using
machine learning
Enables image
collaboration across
primary care,
specialists, and
care settings

Mint.com frees
resources to focus on
new revenue streams
“Datacenter management is not our core business. Our business is helping people improve their financial
lives. We wanted to focus more on delivering exceptional financial-management products and less
on managing the backend IT environment.”
–Sean McCluskey, Director of Application Development and Cloud Operations, Intuit Mint
25% cost reduction
15% improvement
in DBA productivity
Failover scenarios now
1 min vs. 30 min
Hours vs. weeks to
spin up new service

Communicating
your vision

Driving business value and change
requires building a campaign strategy to win
Clarity of purpose
Build alliances
Secure executive
sponsorship
Communicating
your vision

Clarity of purpose
Where are you going? And why?
What is your elevator statement?
Is your vision sensible
and appealing?
How can the vision
be achieved?
How can you create and
sustain momentum?

Building peer alliances

Secure senior executive sponsorship to help:
Network with peers
Remove obstacles
Delegate authorityEscalation path
Amplify message Signal intent

Ryanair personalizes
customer travel plans
with machine learning
“Machine learning is hugely important to
our growth, and we’re pursuing a variety
of AWS machine learning services,
including Amazon SageMaker, to
personalize the MyRyanair portal for
every unique traveler.”
–John Hurley, Chief Technology Officer, Ryanair
Routes support
requests to the right
assistance type
Automatically
detects flight
surge demand
Enhances and
personalizes
customer experience

Change
management

Driving business value
means embracing change
Dealing with resistance
Security compliance
Manage the inputs
Consider a partner
Change
management

FUD Concern
Convince
Educate
Clarify
Or
Overrule
Analyze
Research
Offer solution
Or
Accept risk
D I FFE R E NT I A T E

FUD Concern
Convince
Educate
Clarify
Or
Overrule
Analyze
Research
Offer solution
Or
Accept riskE XE C UT I VE SPO NSO R
D I FFE R E NT I A T E

Security and compliance
Security as a foundational principle
Automate as much as you can
Review/translate/map security requirements
Challenge assumptions
Offer alternative mitigating controls

Customer
AWS
AWS is responsible for
security of the cloud
Customer is responsible for
security in the cloud
Customer data
Platform, applications, identity, & access management
Operating system, network, & firewall configuration
Client-side data encryption &
data integrity authentication
Server-side encryption
(file system &/or data)
Network traffic protection
(encryption/integrity/identity)
Compute Storage Database Networking
Edge
locations
Regions
Availability Zones
AWS Global
Infrastructure
Share your security responsibility with AWS

Financial industry regulatory authority
Went from 3–4 weeks
for server hardening
to 3–4 minutes
“We determined that security in AWS is
superior to our on-premises data center
across several dimensions, including patching,
encryption, auditing and logging,
entitlements, and compliance.”
- John Brady, CISO FINRA
Processes approximately
6 terabytes of data
and 37 billion records
on an average day
Looks for fraud, abuse, and
insider trading over nearly
6 billion shares traded in U.S.
equities markets every day

We leverage the most Robust, Fully Featured Technology Platform

Consider a partner who has traveled the road before
Business case
Executive alignment
Cloud architecture
Organizational structure
Communication
Training
Security architecture
Security competencies
Compliance and risk
Security and
compliance
Strategy
Organization
change

APN Premier Consulting Partners

Driving business value through
innovation requires…
Change in mindset
and approach
Communicating
your vision
Change
management

Transformation Day topics
Culture &
organizational change
Industry trends
& solutions
Migration &
enterprise workloads
Security &
compliance
Cloud
economics
Digital innovation
& business transformation
Leveraging AI
& big data

S E A T T L E
Best Practices for Migrating Your
Enterprise Workloads to AWS
Sadegh Nadimi
Principal Business
Development Manager
Ivan Oprencak
Director Product Marketing
VMware Cloud on AWS
08.22.19

Agility and staff
productivity
Outsourcing changes
EOL HW/SW
Going global
quickly, M&A
Improved security and
operational resilience
Cost reduction
IoT and AI/ML
Business drivers for migrating to the cloud
Data center
consolidation
Digital
transformation

Common business outcomes
Build and operate your foundation for innovationAgility
Obtain substantial cost savings, freeing up resources
to focus on what differentiates your business
Operational
efficiency
Migrate through a secure and proven approach that reduces
IT risks by moving to a more resilient IT modelReduced risk

Mint.com migrated to focus on building new products
Hours vs. weeks to
spin up new service
“Data center management is not our core business.
Our business is helping people improve their financial lives.
We wanted to focus more on delivering exceptional
financial-management products and less on managing
the backend IT environment.”
—Sean McCluskey, Director of Application Development
and Cloud Operations, Intuit Mint
25% cost reduction 15% improvement in
DBA productivity
Failover scenarios now
1 min vs. 30 min

Other migration success stories
Consolidating 56 data centers down to 6, moved 75% of infrastructure to cloud, and
re-allocated more than $100M to key business drivers
Migrated ~5,500 instances in 9 months, reduced storage costs by 50% and compute
costs by 20%, and sped up provisioning 10x from 4 weeks to 2 days
Realized a 52% reduction in TCO
Migrated more than 600 workloads to AWS in under 14 months, including some Unix
to Linux conversions, driving year-over-year cost reduction, and cut processing time
from 36 hours to 10 seconds
Releases over 50+ deployments per hour

How do I create a business case?
What do I have in my environment?
How do I get started?
How do I move these workloads?
What do we do after we migrate?
What should I move to the cloud?
How do I get my team re-skilled?
Common questions

Executive sponsorship is the starting point

Migration process
Assessment Readiness &
planning
Migration Operations &
optimizations

planning
optimizations
Migration process: Assessment

Migration readiness assessment workshop
Technical capability focused
Platform
Applications and infrastructure
Security
Risk and compliance
Operations
Hybrid and dynamic
Business capability focused
Business
Value realization
People
Roles and readiness
Governance
Prioritization and control

Discover and build your business case
Annual On-Premises Cost Direct Match to AWS Rightsized to AWS
36%
savings

Building the business case using value drivers
Ability to match supply & demand elastically
Elimination of hardware refresh programs
Elimination of maintenance programs
Transparency drives a lean mindset
Cost savings

Automation drives maintenance efficiencies
Reduced cost of planned and unplanned outages
Increased developer productivity
Staff productivity
Cost savings

Reduced risk profile/reduced cost of
risk mitigation
Revenue & margin improvements due to
reduced outagesStaff productivity
Operational resilience
Cost savings

Reduced time to market & innovation
Increased operational agility (new market
penetration, divestiture, acquisition)
Cost savings
Staff productivity
Business agility

Live Nation gained agility, security, and availability
while lowering costs
Cost savings Staff productivity Operational resilience Business agility
58%
total cost savings:
18% immediate and
another 40% after
optimizations
99.999%
application availability,
up from 99.9%
10x
increase in
innovation pipeline
50%
reduction in traditional
IT operations tasks

planning
optimizations
Migration process: Readiness & planning

Migration planning
Disconnected and incomplete data Discover and organize data 7 Rs
Applications
Performance
Infrastructure
Level
of
effort
Retire
Retain
Relocate
Rehost
Repurchase
Re-platform
Refactor
Tribal
knowledge
SLA/OLA
App configuration
data
Asset
inventories
CMDB Architecture
Performance
Information
Automation
and guidance
AWS Application
Discovery Service
Amazon Athena

Rehost Automate
Manual
Install Config Deploy
App code
development
Refactor Redesign ALM/SDLC Integration
Seven common migration strategies: “The 7 Rs”
Retire
Retain
Re-platform Determine
platform
Modify
infrastructure
Determine
Discover
VALIDATION
Transition
Production
Assess/
Prioritize
Repurchase Buy
COTS/SaaS
Install/setup
Relocate
(VMware Cloud on AWS)
Automate
Use migration tools

Cloud enablement engines
Cloud platform engineering
Platform
Operations
Security
Cloud business office
Product Architecture
Onboarding
OCM
Financial Delivery TrainingCloud leader
Product owner
Financial analyst
OCM/training specialist
Cloud architect
Platform engineers
Architecture
alignment
Product
management
Onboarding
Financial
management
Training
Org change
management
Delivery management
Initial cloud enablement engine
(6–12 months)
Platform
Operations
Security
Cloud
foundation team
(0–6 months)
Cloud enablement engine at scale
(12+ months)

Landing zone facilitates getting started
AWS Control Tower
Manage
accounts
and policies
Set up
environment
Enable control
Establish
cost controls
Improve
over time

Securing your cloud migration journey
Goals
Innovation
Migration
Foundation: AWS Cloud Adoption Framework
Business, People, Governance, Platform, Security, Operations
Security on
AWS
Workshop
AWS Jam
SRC
Blueprint
Identity &
Access Mgt
Data
Protection
Logging &
Monitoring
Security
Incident
Response
Simulation
Infrastructure
Security
Incident
Response
Security
Assessment
Business
Outcomes

planning
optimizations
Migration process: Migration

Simplify and accelerate migration with CloudEndure
Non-disruptiveFlexibleFast
Simple setup lets you
start in minutes
Robust, predictable,
nondisruptive
continuous replication
and minimal cutover
windows
Wide range of OS,
application, and
database support
Highly secure for
regulated
environments
Secure
CloudEndure Migration is now free to all AWS customers

Run workloads
on-premises
Run workloads
in the cloud
Tight integration
between
on-premises and
the cloud
Without buying
new hardware
For customers that want a hybrid approach…

VMware Cloud on AWS
Overcome migration obstacles when moving VMware environments
to AWS Cloud
VMware SDDC running on AWS bare metal
Delivered, operated, and supported by VMware
On-demand capacity and flexible consumption
Full operational consistency with on-prem SDDC
Support for vSphere qualified solutions
Global AWS footprint, availability, and scale
Direct access to native AWS services
AWS Global InfrastructureCustomer Data Center
VMware SDDC
on-premises
AWS services
vRealize Suite, third-party vSphere ecosystem
vCentervCenter
VMware CloudTM on AWS
Powered by VMware Cloud Foundation
Large-scale application migration
vSphere vSAN NSX

Migrate hundreds of live VMware VMs to
AWS Cloud instantly
VMware Cloud on AWS
Cost savings
No application re-factoring or
re-architecting needed
Staff productivity
No retraining of staff or revamping
of operational processes
Familiar and proven VMware
environment combined with the
global AWS footprint, reach and scale
Business agility
Bi-directional live application
migration to avoid disruption in
business transactions, and the ability
to scale capacity in a few minutes

Others have already migrated hundreds of
VMs in days
On-premises:
from request until ready for
consumption, on average for
an additional host
86D A Y S
VMware Cloud on AWS:
from request until ready for
consumption, on average for
an additional host
~10M I N U T E S
650+ workloads in 5 days
—LIVE MIGRATED
>350 workloads and 30TB
in 20 days
We have an amazing team with cloud backgrounds, but transforming
existing enterprise apps into cloud-native equivalents is extremely
difficult. Even for our private cloud apps, migrating them to public cloud
presented risks if they were not carefully re-platformed and re-tested.
VMware Cloud on AWS coupled with Trend Micro Deep Security smooths
that out, saving us months of time and thousands of man hours.
Zack Milem,
Cloud Solutions Architect, Trend Micro
“
”

Planning
optimizations
Migration process: Operations & optimizations

Operating your cloud
• AWS Service Catalog
• AWS Systems Manager
• AWS management tools
and services
• Modeling and
provisioning
• Automation and
operations
• Monitoring and logging
• Third-party tools
Self-managed
• 40+ curated services
• “Month-to-month” terms
• Addresses security &
compliance
(PCI/SOC/ISO/HIPAA/NIST
certified/compliant)
• 7 management services
provided
AWS Managed
Services (AMS) • 100+ Managed Service
Partners (MSP)
• Certification program
• Third-party audit
• Full lifecycle services
Partner-managed

High-value, rapid impact modernizations to optimize
your applications
Amazon
Elasticsearch
Service
Improve availability
and performance
Evolve to breathe new life
into your applications
Split off microservices
from the monolith

The most comprehensive set of services and expertise
AWS and Partner
Tools AWS
Partners
Migration
Methodology
AWS
Investment AWS
Training
AWS
Professional
Services
AWS Managed
Services

Partners to help you migrate
• AWS Migration Competency Partners (40+)
• Established AWS migration practice
• Current Managed Services or DevOps Competency
• At least Advanced level AWS Consulting Partner
• AWS certifications and certified consultants
• Audited annually against competencies

Engage an executive champion
Engage AWS on Business Case and Readiness
Identify your first application to showcase your
cloud potential with AWS
Create your Cloud Foundation Team
Find your learning path with AWS Training
and Certification
1
2
4
3
5
Sadegh Nadimi
sadeghn@amazon.com
Actions to get started

Industry leaders modernize on AWS

S E A T T L E
Developing a FinOps Culture
Arthur Basbaum
AWS Cloud Economics
The benefits of developing a self-sustained cloud financial
management culture without impacting the speed of innovation
08.22.19

Achieving business value with the Cloud Value Framework
Cost savings (TCO)
Example
50%+ reduction in TCO (GE)
What is it?
Infrastructure cost savings/
avoidance from moving to
the cloud
Cost impact
Staff productivity
Example
More than 500 hours per year
of server configuration time
saved (Sage)
What is it?
Efficiency improvement
by function on a task-by-
task basis
Example
Critical workloads run in
multiple AZs and Regions
for robust DR (Expedia)
What is it?
Benefit of improving SLAs and
reducing unplanned outage
Business agility
Example
Launch of new products
75% faster (Unilever)
What is it?
Deploying new features/
applications faster and
reducing errors
Value impact
AWS has been helping enterprises for 13+ years

AWS lowers prices over time
73 price
reductions
since 2006
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

AWS allows you to eliminate waste and match
capacity and demand
Traditional hardware spend
Demand
for IT
AWS
Cloud Avoided
Waste
Avoided
Waste
Large
Capex
Peak
Business
Demand Met
Cost Optimization

Traditional technology consumption
Model
Engineers as requesters
Finance as approvers
Spend is predictable and static
Long procurement cycles
High cost of failure

Changing the way IT and Finance operate
??? Model
Engineers as requesters and approvers
Finance with no visibility
Spend is dynamic and less predictable
Agile experimentation with occasional
waste
Lack of communication between
Finance and engineers

Cloud technology consumption
FinOps
Model
Engineers and Finance acting as one (FinOps)
Procurement is instant
Agile experimentation combined with
predictable cost and reasonable budgets
Low cost of failure

Some of the root causes of cloud waste
Managing access to
on-demand resources
Pricing options Services and resource sizes
Budgeting and forecasting Cost visibility for resource
owners
Automation for
optimizing deployments
Learning curve associated with:

Jeff Bezos
CEO, Amazon.com
Good intentions never work,
you need good mechanisms
to make anything happen

Cloud Financial Management (CFM) Framework
See
Account & tagging strategy
Cost reporting &
monitoring
Showback & Chargeback
Efficiency/value KPIs
Run
Partnership between
Finance
& Technology organizations
Invest in people, processes,
governance & tools
Celebrate wins
Save
Cost aware architecture,
design & service selection
Match capacity with
demand
Choose the right pricing
model
Resource governance
Plan
Strategic fit
Business case & value
articulation
POC based cost estimation
Budgeting & forecasting
variable cloud spend

Implement a standard account structure
and tagging dictionary
Establish cost reporting and monitoring process
Perform show/charge back for business units
Measure and circulate efficiency/value KPIs
Track cost and usage to organizational structure
Proactively detect and address cost variances
Drive cost aware cloud consumption
Validate cloud investment decisions and outcomes
By tagging all instances in AWS, we are now able to look at specific costs from the
application layer down to every resource associated with an application. This has allowed
us to surface the hidden costs for operating applications.
Chad Marino,
Executive Director of Technology Services
Activities Outcomes
Measurement and accountability

Our old platform was built and used for 6 years on “our night” of television, and never
failed. Resilience and redundancy were areas which we really needed to focus on (as we
moved to serverless). If the RDS failed then we had SQS, if SQS failed then we had S3
backups. Our (old platform) monthly hosting costs were over $83k, compared to under $6k
(for serverless). In fact, the cost of our ”on the night” serverless platform was $92.
Caroline Rennie, Product Lead
Cost-aware architecture, design and service selection
Match demand with supply
Choose the right pricing model
Implement process to identify resource waste
Increased staff productivity and operational resiliency
Eliminating spend related to overprovisioning while
being able to scale to meet demand
Improved unit economics and lower TCO
Reinvesting wasteful spend into innovation
and experimentation
Cost Optimization
Activities Outcomes

By using AWS, Zynga could carefully plan, test, and develop proof of concepts
without needing to commit to long-term fixed IT assets. This resulted in reduced costs
and lower risk as it adapted to technology demands in real time, instead of relying on
forecast models.
Estimate costs through proof of concept
Establish a process for budgeting and forecasting
variable cloud usage
Gain executive buy-in and establish cloud strategy
Agile cost forecasting
Understand how the cloud can enable or support
strategic initiatives
Build a business case and articulate expected value Increased business and usage predictability
Planning and forecasting
Activities Outcomes

Celebrate wins
Bilingual teams: effective finance and technology
collaboration and communication
Reinforce and encourage cost aware behaviors and culture
Establish a partnership between Finance and
Technology organizations
Invest in people, processes, governance and tools
Maximize cost efficiency and agility in a continuous
manner at scale
Cloud financial operations
Activities Outcomes
ICONLOOP has established a Task Force Team for continuous cost management and began the Cost
Optimization process by identifying and categorizing current resources based on tagging, user, and
usage. For the classified resources, we were able to right-size our instances and reduce our EC2 spend
by 5%, and apply AWS Reserved Instances for 36% additional overall cost reduction for steady-state
workloads. This process has already allowed us to reduce AWS cost significantly and we keep monitoring
our resources through a dashboard we built to achieve more savings.
Jinwoo Jeong,
Infrastructure Team Leader

Metrics
What success looks like
for your company?
Ownership
Who is responsible
for cost mgmt?
Cost Allocation
How much each team
is spending?
Selection
What’s the best pricing
model to your
workload?
Getting started

TAGS
Cost allocation tags
Environment
Project
Team
Application ID
Cost Center
AWS Organizations
Cost Allocation: Transparency & Visibility

Cost based (efficiency)
$ Monthly forecast vs actual
$ Average daily spend
% Turned off instances
% RI coverage and utilization
$ Saved
$ Untagged resources
# Underutilized resources
…
Value based (business outcomes)
$ per User or Transaction
$ per Impression or Click
$ per Request
$ per Application or Business Unit
$ per Revenue
$ Per Developer
# hours per $ invested
…
Metrics: Link consumption with value created

On Demand (OD)
Prototyping, demand still
unknown
Pay only for what you use
Pay per second without any
commitment
Reserved Instances (RI)
Known workloads,
predictable demand
Up to 75% less vs OD
Commit to 1 or 3 years and get a
significant discount
Spot
Flexible workloads,
stateless
Approx. 90% less vs OD
Idle capacity, low cost and
no commitment
Selection: Leverage AWS Pricing Models

Traditional Enterprise Retail Media
Benchmark: This is how a good mix looks like
RI OD SP RI OD Spot RI OD Spot

#1 First RI purchases, very
conservative, made by an
engineer with limited AWS
experience on pricing models
#2 Finance start asking
question and better metrics /
visibility on AWS costs, lots of
meetings to explain deviations
#3 Hire someone to take
care full time of AWS costs
#4 Low complexity activities (RIs
and idle resources) are performed
regularly. Start to dive deep on
more complex topics, right sizing
of EC2, DynamoDB and S3, tag
revision to add more granularity
#5 Increased demand for cost
predictability (improvement in the
budget process) Migration to
Kubernetes and loss of cost visibility
#6 Focus on performance and
stability, right size containers
and leverage Spot
FinTech Journey - Developing cloud cost
management in a hypergrowth environment

Product A
launch
Start to do
optimization by
squad/team
Kubernetes
migration
New record for
customer
acquisition
Product B
launch
Preparing for
business growth
Product C
launch
90
services
250+
services
RI purchase
Cost per user evolution: after growing 3x userbase and
launching +150 new services cost per user remained stable

Reserved
Instances
Rightsizing
prod
Scheduling
S3 intelligent
tiering
Delete idle
resources
Impact
Complexity
Rightsizing
pre-migration
Spot, Serverless,
Auto Scaling, and other cost-
aware architecture*
*Typically needs upfront design investment or management support if done reactively
Successful Cost Management is a balanced approach

Identify owners for cloud financial management activities
Start with cost transparency (cost allocation tags), make sure teams who
are using the platform are aware of how much they are spending
Improve cost predictability with AWS Budgets and forecasting
Leverage tools (AWS Cost Explorer) to analyze and execute cost
optimization activities
Define what success looks for your organization (metrics) and build
mechanisms to recognize good behavior
Best practices

FinDay Events
Onsite prescriptive
education to accelerate
your cost optimization
journey
Benchmark
Compare your metrics
with the market
standards
Cost Opt metrics
Identify quick wins and
cost reduction based on
your usage
Training
Enable your org to
develop a cost oriented
culture
How can AWS help your cloud financial journey?

If you want something to happen
you need to make it easy

We don’t want to make money from customers that aren’t
getting value from us… How many of your partners call you
up and say “stop spending money with us?”
Andy Jassy
CEO, AWS

AWS Cost Optimization
aws.amazon.com/pricing/cost-optimization/
AWS Well Architect Cost Opt Whitepaper
d1.awsstatic.com/whitepapers/architecture/AWS
-Cost-Optimization-Pillar.pdf
Cost Optimization Well Architect Labs
awscostlabs.com
FinOps Foundation
finops.org
AWS Cost Management
aws.amazon.com/blogs/aws-cost-management/
Laying the foundation for Cost Opt Whitepaper
d1.awsstatic.com/whitepapers/cost-optimization-
laying-the-foundation.pdf
Case studies and research
aws.amazon.com/solutions/case-studies
AWS Cost Management Tools Partners
aws.amazon.com/products/management-
tools/partner-solutions/
Resources to get you started

S E A T T L E
08.22.19
Rapid Innovation:
Demystifying AI for the Enterprise
Kanchan Waikar (kwwaikar@amazon.com)
Senior Solutions Architect, AWS Marketplace for Machine Learning

40% of digital transformation initiatives
supported by AI in 2019
—IDC 2018
InnovationDecision
making
Customer
experience
C E N T E R P I E C E F O R D I G I T A L T R A N S F O R M A T I O N
Business
operations
Competitive
advantage

Our mission at AWS
Put machine learning in the
hands of every developer

W H Y A W S F O R M L ?
200 new features and services
launched this last year alone
Unmatched flexibility
Broadest and
deepest set of AI
and ML services
70% cost reduction
in data-labeling
10x faster performance
75% lower inference cost
Accelerate your
adoption of ML
with SageMaker
Built on the most
comprehensive cloud
platform optimized for ML
AWS holds the top spots
on Stanford’s benchmark,
for fastest training time, lowest
cost, lowest inference latency

10,000+ customers | 2x the customer references | 85% of TensorFlow projects
in the cloud happen on AWS

Innovating in real time with AI: An executive view
https://www.youtube.com/watch?v=9dd4bGBc5lQ

FRAMEWORKS INTERFACES INFRASTRUCTURE
AI Services
Broadest and deepest set of capabilities
T H E A W S M L S T A C K
VISION SPEECH LANGUAGE CHATBOTS FORECASTING RECOMMENDATIONS
ML Services
ML Frameworks + Infrastructure
P O L L Y T R A N S C R I B E T R A N S L A T E C O M P R E H E N D
& C O M P R E H E N D
M E D I C A L
L E X F O R E C A S TR E K O G N I T I O N
I M A G E
R E K O G N I T I O N
V I D E O
T E X T R A C T P E R S O N A L I Z E
Ground Truth Notebooks Algorithms + Marketplace Reinforcement Learning Training Optimization Deployment HostingAmazon SageMaker
F P G A SE C 2 P 3
& P 3 D N
E C 2 G 4 E C 2 C 5 I N F E R E N T I AG R E E N G R A S S
E L A S T I C
I N F E R E N C E
D L C O N T A I N E R S
& A M I s
RL Coach

Modernize your contact center to improve customer service
conversational chat bots | call transcription | intelligent routing | sentiment analysis
VoC analytics text-to speech | multilingual omni-channel communication
POLLY TRANSCRIBE TRANSLATE COMPREHEND LEX

Use AI services to strengthen safety and security
accurate facial analysis | identity protection | metadata extraction
REKOGNITION
IMAGE
COMPREHEND &
COMPREHEND MEDICAL
REKOGNITION
VIDEO

recommendation technology used by Amazon.com | context-aware recommendations
sentiment analysis | VoC analytics
PERSONALIZE REKOGNITION
IMAGE
REKOGNITION
VIDEO
COMPREHEND
Personalize customer experiences with
targeted recommendations

forecasting technology used by Amazon.com | multiple time-series data
forecast scheduling and visualization | supply chain integration
FORECAST
Accurately forecast future business outcomes

Amazon SageMaker
Pre-built
notebooks for
common problems
Collect and prepare
training data
Built-in, high
performance
algorithms
Choose and optimize
your ML algorithm
One-click
training
Optimization Fully managed
with auto-scaling,
health checks,
automatic handling of
node failures, and
security checks
One-click
deployment
Choose a Machine Learning model from AWS Marketplace
Procure Machine Learning algorithm from AWS
Marketplace
Set up and manage
environments for
training
Train and
tune model
(trial and error)
Deploy model in
production
Scale and manage the
production environment

AWS DeepRacerAWS DeepLensAmazon SageMaker Machine Learning
Certification
Build your machine learning skills
NO PhD REQUIRED

The world’s first deep learning-enabled video camera for developers
• Seven new countries:
• Hey, AWS DeepLens: Amazon.ca
• Hallo, AWS DeepLens: Amazon.de
• Hola, AWS DeepLens: Amazon.es
• Bonjour, AWS DeepLens: Amazon.fr
• Ciao, AWS DeepLens: Amazon.it
• こんにちは、ディープレンズ: Amazon.co.jp
• Good day, AWS DeepLens: Amazon.co.uk
• Howdy, AWS DeepLens: Amazon.com
• Run models 2 x faster with Amazon SageMaker Neo
optimization
• New tutorials: construction worker safety (hard hat detection),
coffee drinking detection, sentiment analysis.
NEW in the 2019 edition
AWS Deeplens

Extensive Selection Flexible Consumption
and Contracts
Easy Deployment Consolidated Bill
AWS Marketplace: Find, Buy, Test, and Deploy Software
• 230,000 active customers
• 1,400+ ISVs
• One click launch
• 18 regions
• Over 650 million
hours of monthly EC2
• Over 4,800 product
listings
• Offers 39 categories
• Pay as you go
• Hourly/monthly/annual
• SaaS contracts Amazon
SageMaker/containers
• Charges
consolidated into
AWS Billing
• For hardware and
software

AWS Marketplace for Machine Learning
Subscribe in a
single click
KEY FEATURES
Automatic labeling via machine learning
IP protection
Automated billing and metering
Browse or search
AWS Marketplace
S E L L E R S
Broad selection of paid, free, and
open-source algorithms and models
Data protection
Discoverable on your AWS bill
B U Y E R S
Available in Amazon
Sagemaker
To learn more about machine learning marketplace, write to aws-mp-bd-ml@amazon.com

AWS Marketplace for machine learning
A V A I L A B L E A L G O R I T H M S & M O D E L S
• Over 240+
algorithms and
models
• 53 categories
Natural Language
Processing
Grammar & Parsing Text OCR Computer Vision
Named Entity
Recognition
Video Classification
Speech Recognition Text-to-Speech Speaker Identification Text Classification 3D Images Anomaly Detection
Text Generation Object Detection Regression Text Clustering
Protection equipment
detection
Ranking

Algorithms let you train a custom model.Model packages are pretrained and
ready-to-use.
Create a model and then use them for:
• Batch inference
• Real-time inference
• Generating Synthetic features
Use algorithms for:
• Training a model!
• Hyperparameter optimization
Pre-trained models Train a custom model21
E.g. MXNet ResNet50 Inference, by Intel AI
E.g. Intel® DAAL k-Nearest Neighbors (kNN)
Intel®DAAL DecisionForest Classification
H2O.ai H2O-3 Automl Algorithm
What can you find in AWS Marketplace?

Machine Learning Lifecycle
Jupyter
notebook
Model
Training
Hyper-
param
tuning
ML
Algorithm
Deploy
model
Manage
deployment
Built-ins
BYOA
AWS Marketplace
for
Machine Learning
AWS
Provided
BYOM
AWS
Marketplace for
Machine
Learning
Build
Train
Deploy/Host
Sourcing algorithms
Sourcing models
AWS
ProvidedAWS Marketplace
for
Machine Learning

Computer
Vision
NLP
Video
Image
TextAudio
AWS Marketplace
for
Machine Learning
66 products
14 vendors
35 products
17 vendors
6 products
2 vendors
34 products
19 vendors
75 products
18 vendors
13 products
3 vendors
13 products
4 vendors
Speech
Recognition
Structured

HCLS domain models/algorithms
• Modjoul Heat Index Model
• Medical No Show Prediction
• Prediction of Patient Readmission Rate
• Acquired Hypothyroidism Disease State
• AFIB Disease State Predictor
• Alzheimers Disease State Predictor
• AMI Disease State Predictor
• Anemia / Asthma Disease State Predictor
• Breast Cancer Disease State Predictor/Classification
• Bronchiectasis Disease State Predictor
• Colorectal Cancer Disease Predictor
• COPD Disease State Predictor
• Depression Disease State Predictor
• Fibromyalgia Disease State Predictor
• Heart Failure Disease State Predictor
• Heart Transplant Disease State Predictor
• Hip Replacement Disease State Predictor
• Glaucoma Detection
• Hypertension Disease State Predictor
• Knee Replacement Disease State Predictor
• Leukemia Disease State Predictor
• Lung Cancer Disease State Predictor
• Lymphoma Disease State Predictor/Subtype Classification
• MS Disease State Predictor
• Opioid Addiction Disease State Predictor
• Ovarian Cancer Disease State Predictor
• Parkinson's Disease State Predictor
• Resuscitation Disease State Predictor
• Senile Dementia Disease State Predictor
• Sleep Apnea Disease State Predictor
• Total Joint Replacement Disease State
• ITP - Inflammation & Immunology
• ITP - Lymphoma
• ITP - Myeloid
• ITP – Solid Tumor
• Dementia Prediction

Domain Some of the many models from AWS Marketplace
Insurance –
Auto/Industrial
IOT domain
• Vehical Attribute Detection
• Vehicle damage inspection
• Deep Vision vehicle recognition
• Modjoul Automotive Telematics Model
• Construction Machines Detector
• Construction Worker Detector
• Person and Truck Segmentation
• Personal protective equipment detector
• Modjoul Geo Fence Model
• Modjoul Asset Utilization Model
• Modjoul Stationary Work Model
• Modjoul Walking Model
• Modjoul Lower Lumbar Model
• Modjoul Motion Model
• Ball Bearings Quality Inspection
• Hard hat detector
Retail
• Retail Store Sales Prediction
• Barcode Detection
• Credit card detection
• Cortexica Fashion Localisation (CPU)
• Person Attribute detection
• Unbxd AI - Fashion eCommerce NER
• Category Recommendation Inference Model
• Review Helpfulness Prediction
• Basic Churn Predictor
• Churn Prediction
• Credit Default Prediction
• Attrition Prediction
• Bike Rentals Predictor

Category Some of the many models from AWS Marketplace
Computer-Vision • Cortexica Interiors Localisation
• Cortexica BodyParts Localiser
• Deep Vision brand recognition API
• Logo Recognition in Images
• Cortexica Interiors Localisation (CPU) Image
collage classifier
• Deep Vision visual search API
• Barcode Detection
• Vehical Attribute Detection
• Cortexica BodyParts Localiser (CPU)
• Image collage classifier
• Image human classifier
• Local Photo ID (Singapore)
• Mighty Anonymize (GPU - Advanced)
• Face blocking or blurring for Privacy
• Face Anonymizer (GPU)
• Skin Disease Classification (GPU)
• Passport Data Page Detection
• Waste Classifier (CPU)
• Deep Vision brand recognition API
• Local Photo ID (Singapore)
• Deep Vision vehicle recognition
• Image mosaic classifier
• Image text classifier
Audio • Deepgram Speech Recognition (en-GB/Spanish)
• Deepgram Speech Recognition
(General/Phonecall/Meeting)
• Audio Gender Classifier
• Background Noise Classifier
• Automatic Audio or Sound
Classification(algorithm)
• Music Genre Recognition(algorithm)

Category/Domain Some of the many models from AWS Marketplace
Text • Word Associations Inference Model
• Sentiment Analysis Inference Model
• Topic Tagging Inference Model
• Novetta Text Tagger
• Insult detection
• Emotion Analysis Inference Model
• Abusive Text Content Detection
• Sentiment Analysis
• Review Helpfulness Prediction
• Lemmatizer Inference Model
• Named Entity Recognition
• Text Similarity
• Text Similarity Inference Model
• Text Similarity Analyzer
• Language Scoring Inference Model
• Demisto Phishing Email Classifier
• Lyrics Generator (CPU)
• Neural Paraphrase Generation
• LexisNexis US Legal Taxonomy - Level 1
• Novetta News Tagger - Russia 360°
• Novetta News Tagger - Syrian Conflict
• Novetta News Tagger (Foreign Policy)
• Novetta News Tagger (Humanitarian)
• Banking FAQ Intent Matching
• Wipro HOLMES™ E-KYC Controller Extractor

• Detect Phishing Websites
• NFL Games Predictor
• Neural Paraphrase Generation
• Detect Phishing Websites
• NFL Games Predictor
• Crop Quality Inspection
• Bitcoin Predictor
• Simple Chemistry Binding Predictor
• Simple Income Predictor
• Automatic Date & Time Features
• Attrition Prediction
Amazon Web services provided models
• GluonCV DeepLab Semantic Segmentation
• GluonCV Faster-RCNN Object Detector
• GluonCV MobileNet Classifier
• GluonCV ResNet50 Classifier
• GluonCV SSD Object Detector
• GluonCV YOLOv3 Object Detector
• GluonNLP English to German Translation
• GluonNLP Sentence Generator
And many more..

• Insurance company looking to
modernize
• Current pain-point
• 24 hours to receive a response
• Goal
• Make claims processing quick,
easy, and efficient
Sample use-case: Insurance claim process

Vehicle Make /model
identification
License plate
Verification
Damage
Identification
Automate
verification 2
Automate
verification 3
Automate
identification
Cross check car
information with
policy information
Cross check
support
information
Identify damage
and get
confirmation
1 2 3

Amazon SageMaker
Mobile
client
Amazon Lex
AWS Lambda
Invoke Amazon
SageMaker endpoint
AWS
Marketplace
Vehicle Damage
Inspection
Pre-trained
Model
Deep vision
vehicle
recognition
Pre-trained
Model
Deploy Model
2 3
Amazon DynamoDB
7
5
trigger
Claim
processing
engine
4
8
Amazon API Gateway
6
1

Mobile
client
Amazon Lex
AWS Lambda
2 3

Mobile
client
Amazon Lex
AWS Lambda
2 3
4
Amazon API Gateway

Amazon SageMaker
Mobile
client
Amazon Lex
AWS Lambda
Invoke Amazon
SageMaker endpoint
AWS
Marketplace
Vehicle Damage
Inspection
Pre-trained
Model
Deep vision
vehicle
recognition
Pre-trained
Model
Deploy Model
2 3
Amazon DynamoDB
7
5
4
Amazon API Gateway
6
1

1
Create
the loop
Connect technology initiatives
with business outcomes
2
Assess your structured and
unstructured data sources
Advance your
data strategy
?
3
Put machine learning in the
hands of your developers
Organize
for success
C U L T U R E – S E T T I N G Y O U R O R G A N I Z A T I O N U P F O R S U C C E S S

S E A T T L E
How to Build your Cloud
Enablement Engine with the
People you Already Have
Russell Easter
Senior Consultant, AWS
08.22.19

Agenda
Review the AWS migration journey
What is an operating model?
Activity-based operating models
Transitioning from activity-based to product-based operating models
Cloud enablement engine
The product org driving the transition to AWS
Accelerating organizational readiness with training
Five questions to think about now
Next steps
1
2
4
3
5
6
7
8

Security &
compliance
Landing
zone
Skills/CoE
Operating
model
Discovery
& planning
Migrations
& expertise
Business
case
Migration
plan
Migration
readiness assessment
Migration readiness & planning (MRP) Migrations & operations
MRP timing: 2–6 months, partner,
and/or ProServe consulting project
Readiness briefings
& workshops
Migration readiness assessment
TCO analysis
TCO report
Rapid
discovery
We are at the beginning of the migration journey…
Operate
Optimize
Migrate

Business
Operating model
IT
Operating model
New ideas &
innovation
OutcomesOutcomes
Speed &
agility
Value &
results
Operational
excellence
Cost
optimization
Business
capabilities
Technology
capabilities
Security &
compliance
Business
workforce
Technology
workforce
Digital
products
& services
Business
processes
Technology
processes
What is an operating model?
An operating model should define how the business and IT align their capabilities, processes, and
workforce to reach strategic business outcomes. This is often not the case.

InfrastructureApplications
OperationsEngineering
Application
engineering
Application
operations
Infrastructure
engineering
Infrastructure
operations
Business software
Custom developed or
common of the shelf
Infrastructure
Compute, network, storage
middleware, runtime, data
operations, security
Develop, build, and test
All activities needed
to define and validate
platform infrastructure
or business applications
Deploy, operate,
and manage
All activities needed
to deploy and support
platform infrastructure and
applications in production
This is because most enterprises operate in an
“activity-based” model
Custom-developed or
common, off-the-shelf

Each step delays time to valueDefects passed downstream are often discovered late in the delivery cycle and have to be revisited
Biz case & reqs
Business
Creative & functional
Design
Finance & PMO
Prioritization
Software development
Engineering
Integration & perf.
QA & testing
Deploy & manage
Infra & ops
Policy & compliance
Security
Defects
Defects
Defects
Defects
Defects
Wait
Wait
Wait
Wait
Wait
Wait
Wait
Wait
Defects
Cost is optimized by distributing accountability
across pools of resources
In the process, pervasive handoffs, bottlenecks, and defects are created
Idea
Value

The seven wastes of software development
DelaysTask switchingDefects
Handoffs Relearning Partially done
work
Extra features
But that’s not all…
Handoffs and defects are only two forms of waste created by activity-based operating models

Business outcomes IT outcomes
Sustain undifferentiated or commoditized
capabilities with minimal investment
Optimize cost, keep the lights on,
or retire/outsource to MSPs or
SaaS providers
Optimize and run core business functions Ensure resiliency, availability, security,
scalability, and efficiency
Grow market share or enter new markets
through differentiated digital products
Iterate quickly; hypothesize and
experiment with A/B testing and
continuous delivery; scale dynamically
to the unexpected
Think beyond a one-size-fits-all approach to
maximize the benefits of AWS
Differing business outcomes result in different priorities for the business, as well as IT

Sustain
“Traditional Operations”
Grow
“Decentralized DevOps”
Optimize
“Distributed DevOps”
How does your operating model align with business outcomes?PlatformApplications
Application
engineering
Application
operations
Cloud platform
engineering
Cloud platform
operations
ITSM
PlatformApplications
ITSM
Application
engineering
Cloud platform
engineering
ITSM
Application
engineering
Transitional Strategic Strategic

Sustain
Grow
Optimize
How can AWS help accelerate migration for your “sustain” workloads?PlatformApplications
Application
engineering
Application
operations
ITSM
ITSM
Application
engineering
Cloud platform
engineering
ITSM
Application
engineering
AWS Managed Services

Accelerate AWS adoption with AWS Managed
Services while building org confidence and maturity
provides ongoing management
of the AWS infrastructure
supporting your sustain
workloads, so you can focus
your energy on more
differentiated optimize
and grow workloads
Application
engineering
Application
operations
ITSM
Sustain
Change
management
Incident
management
Provisioning
management
Patch
management
Access
management
Security
management
Continuity
management
ITSM
integration
Reporting

How does my operating model affect my migration path to AWS?
Leverage the AWS Six R’s Framework to inform your workloads’ migration paths
Retire
Retain
Refactor
Repurchase
Replatform
Rehost
Buy
COTS/SaaS
Determine
platform
Redesign
Automate
Manual
Install/setup
Modify
infrastructure
App code
development
Use migration tools
Install Config Deploy
ALM/SDLC Integration
Transition
Production
Determine
Discover
VALIDATION
RearchitectLift & shift Lift & reshape Drop & shop

How does my operating model affect my migration path to AWS?
Migration paths should be chosen to support desired business outcomes, not to speed
up migration
Application
engineering
Application
operations
Cloud platform
engineering
Cloud platform
operations
ITSM
ITSM
Application
engineering
Cloud platform
engineering
Retire
Retain
Refactor
Repurchase
Replatform
Rehost
Determine
Discover
Traditional
Operations
Distributed
DevOps
Decentralized
DevOps
ITSM
Application
engineering
Sustain
Optimize
Grow
RearchitectLift & shift Lift & reshape Drop & shop

Sustain
Grow
Optimize
We recommend that over time, you transition “sustain” workloads...PlatformApplications
Application
engineering
Application
operations
ITSM
ITSM
Application
engineering
Cloud platform
engineering
ITSM
Application
engineering
Retire
SaaS
Rearchitect

Grow
Optimize
Two models that enable both app and platform to be delivered as
products
ITSM
Application
engineering
Cloud platform
engineering
ITSM
Application
engineering
Strategic Strategic

Growth Customer
experience
Traffic
Sellers
Selection Lower
prices
Lower cost
structure
Amazon’s success
is frequently
attributed to its
peculiar way of
operating,
illustrated by the
Amazon flywheel

Customer
value
Customer
experience
Adoption
Feedback
Experiments
Reduce
time to value
Decouple
EmpowerA similar way of
operating drives the
flywheel behind our
ability to rapidly
deliver software
and services

Business
applications
Cloud
platform
The flywheel represents a
“product-based operating model”
powering customer-centric innovation and modernization

Customers realize maximum value from AWS
when they build their own flywheels

3
Organize teams
around products
FROMTO
4
Bring the work
to the teams2
Re-envision the
world as products 6
Own your
entire lifecycle5
Reduce risk
through iteration
Systems
amazon.com
Jan. Dec.
DeliveryCycleFundingCycle
Risk
Largebatch
Risk
FundingCycle
M
V
P
M
V
P
M
V
P
Smallbatch
DeliveryCycle
Jan. May Sept.
$ $$ $
Risk
Risk
Activity-basedteams
Business
Design
Mgmt.
PMO
Dev
Ops
Product-basedteams
Full Stack. Two Pizzas.
Bringworktotheteam
Work
Work
Bringteamtothework
amazon.com
Promos
Cart
Products
Item
Digital
Assets
Ads Search
Account
Home
Page
ImaginingKnowing
1
Work backwards
from the customer
Full-lifecycleaccountability
DevOps
platform
teams
DevOps
application
teams
Distributedaccountability
Item
Ads
Platform
Eng.
App
Eng.
App
Ops
Platform
Ops
Reduce time to valueCustomer obsession Adoption FeedbackExperimentsDecouple Empower
Building a product-based flywheel aligns
the business & IT on common goals
Six key changes are required

● Adaptive
home page
Experiences
Services
● Search
● Cart
● Account
● Item
● Advertising
● Promotions
● Digital asset
● Others...
Navigation
Promotions
Customer
Profile
Promotion Content Cartridge
Recommendations
Adaptivehomepage
Search
Cart
Digital Asset Digital Asset Digital Asset Digital Asset Digital Asset
Cart
Account
Account
Search
Promotions
Item Item Item Item Item Item
Promo Promo Promo Promo Promo
Item Item Item Item Item
Digital
Asset
Digital
Asset
Digital Asset
Digital
Asset
Digital
Asset
Digital
Asset
Digital Asset
How do you re-envision the world as products?
Two kinds of products
Advertising

Navigation
Promotions
Customer
Profile
Promotion Content Cartridge
Recommendations
Adaptivehomepage
Search
Cart
Digital Asset Digital Asset Digital Asset Digital Asset Digital Asset
Cart
Account
Account
Search
Promotions
Advertising
Item Item Item Item Item Item
Promo Promo Promo Promo Promo
Item Item Item Item Item
Digital
Asset
Digital
Asset
Digital Asset
Digital
Asset
Digital
Asset
Digital
Asset
Digital Asset
Adaptive
home page
Search
Account Cart
Item Digital asset
Advertising Promotions
Products are delivered by stable “product teams”

The seven wastes of software development
DelaysTask switchingDefects
Handoffs Relearning Partially done
work
Extra features
A product-based model reduces the amount of development waste
By collapsing the entire delivery value stream—from idea to production—we incentivize customer
obsession, results, and the elimination of waste

OCM
Training
Finance
Product management
Cloud leadership team
Business alignment
Sponsorship
Outcomes
KPIs
Product teams at scale
Business integration
Two-pizza teams
Modernization
Innovation
Security
Operations
Platform
Two-pizza teams
Our approach to operating model transformation
applies product principles in four key workstreams

OCM
Training
Finance
Product management
Cloud leadership team
Business alignment
Sponsorship
Outcomes
KPIs
Product teams at scale
Business integration
Two-pizza teams
Modernization
Innovation
Security
Operations
Platform
Two-pizza teams
Today, we’ll focus on the two platform components
of the product-based operating model

AMAZON CONFIDENTIAL
Cloud enablement engine
Enable agility, value, and governance at cloud scale

The cloud
enablement engine is
a product-based
organization
The products it creates enable the
organization to accelerate cloud adoption,
while keeping adoption sustainable
and secure.
Its core mission is to free development
teams to focus on maximizing the cloud’s
benefits with their applications,
instead of focusing on platform or
governance concerns.
Customer
value
Customer
experience
Adoption
Feedback
Experiments
Reduce
time to value
Decouple
Empower

Aligns the products and services offered by cloud platform engineering
with the needs of enterprise customers and leadership
Provides ongoing onboarding, training, and organizational change
management to ensure that the organization successfully navigates and
embraces the move to the cloud
Configures and codifies the AWS platform to align with enterprise
standards for architecture, operations, security, and finance
Packages and continuously improves these standards as
self-service deployable products and consumable services
There are two components of an organization’s
cloud enablement engine

Aligns cloud platform products and services
with the needs of enterprise customers and
leadership, providing ongoing management to
ensure successful movement to the cloud
Cloud business office (CBO) capabilities
PeopleGovernance
Architecture
alignment
Product
management
Delivery
management
Customer
onboarding
Financial
management
Org change
management
Training
Agile execution
support
Status reporting
Cost
optimization
Reporting &
forecasting
Invoice
management
Adoption
support
Curriculum
strategy
Sourcing &
management
Strategy &
execution
CommunicationsProvisioning
Cloud
knowledge hub
Demand
management
Prioritization
and roadmap
Functional work
decomposition
Reference architecture
alignment
Technical work
decomposition
Engineering
support
1 2 3 4
5 6 7
Integration
Organizational
alignment
What products does the cloud business
office provide?

Codifies differences between stock AWS service
configurations and the enterprise’s standards,
packaged and continuously improved as self-
service deployable products to customers
Cloud platform engineering (CPE) products
PlatformOperationsSecurity
Core platformCodified patterns
Operate & manageBuild, test & deploy
Detect & respond
Configuration management
Enterprise “stacks”
Core networking
Accounts, IAM & SSO
CaaS/FaaS
CI/CD & release management
Configuration management
Source code & artifact repositories
Telemetry, alerts & insights
Patch, backup & restore
ITSM & self-service
Threat & vulnerability management
Security information & event
management
Incident response & forensics
Define & enforce
IAM & policy management
Network security
Secrets & encryption
9
10
8
What products does cloud platform engineering
provide?

Cloud operations Security operations
Cloud leadership team Executives
CEO
COO
CFO
CDO
CRO
CISO
CIO
CTO
CHRO
Together, the cloud enablement engine’s teams support many
internal customers
Software development teams
Sustain Optimize Grow
69
Platform Operations Security
Core
platform
Build, test
& deploy
Operate
& manage
Define
& enforce
Detect
& respond
Codified
patterns
PeopleBusiness & governance
Architecture
alignment
Product
management
Delivery
management
Customer
onboarding
Financial
management
Org change
management
Training

Product
management
Product
design
Product
eng. & test
Product
operations
Viability
Desirability
Feasibility
Operability
IT | Engineering manager
Career development
Accountable for team execution,
delivery quality, team-member
performance and development, and
overall HR responsibilities
IT | Engineers
Feasibility & operability
Accountable for product technical
feasibility and delivery across the
platform, operations & security; and
engineering, testing & (again) operations
IT | Scrum master
Productivity
Facilitates Agile process and ensures
forward progress toward business
outcomes by the product team
IT | Product owners
Singularly accountable for
platform vision and its
viability from a business
perspective
Viability
Fin | Financial analysts
Financial budgeting,
tracking, and reporting;
showbacks/chargebacks
and cost optimization
Workforce preparedness,
communications, training,
resource, and career
management plans
HR | OCM specialists
Translates business objectives
and governance requirements
to platform architecture
IT | Cloud architects
Desirability
The “cloud foundation team” is your first “product team”
End-to-end accountability is established by creating a dedicated team of business, design,
engineering, and operations disciplines

Cloud
foundation team
How do you start your cloud enablement engine?
Think big, but start small. Launch a cloud foundation team and a small number of development
teams to start the flywheel. Scale as the customer’s cloud transformation accelerates and expands.
Platform,governance&people
PeopleBusiness & governance
71
Platform Operations Security
Architecture
alignment
Core
platform
Build, test
& deploy
Operate
& manage
Define
& enforce
Detect
& respond
Product
management
Delivery
management
Customer
onboarding
Financial
management
Codified
patterns
Org change
management
Training &
applied learning
Applications
Software development teams
Sustain Optimize Grow

Platform
Operations
Security
Product Architecture
Onboarding
OCM
Financial Delivery TrainingCloud leader
Product owner
Financial analyst
OCM/training specialist
Cloud architect
Platform engineers
Architecture
alignment
Product
management
Onboarding
Financial
management
Training
Org change
management
Delivery management
Initial cloud enablement engine
(6–12 months)
Platform
Operations
Security
Cloud foundation
team
(0–6 months)
Cloud enablement engine @ scale
(12+ months)
How do I build and scale a cloud enablement engine?

Build the cloud talent you need from the people
you already have
Architecture Infrastructure Operations Security
Business/IT
alignment
Project
management
Data Applications
Cloud Enterprise
Architect
Cloud Operations
Architect
Cloud Security
Architect
Cloud
Infrastructure
Engineer
Cloud Operations
Engineer
Cloud SysOps
Admin
Cloud Security
Engineer
Cloud SecOps
Admin
Product Owner Agile Scrum
Master
Cloud Data
Engineer
Cloud AI/ML
Engineer
Cloud Data
Scientist
Cloud Solutions
Architect
Cloud Software
Engineer
Enterprise
Architect
Operations
Architect
Security Architect
Compute Engineer
Storage Engineer
Network Engineer
Middleware
Engineer
App Platform
Engineer
Build/Release
Engineer
Capacity Planner
Incident
Management
Security Engineer
IAM Engineer
Policy &
Compliance
Relationship
Managers
Portfolio
Managers
Senior Business
Analyst
Project Manager
Product Manager
Data Platform
Engineer
Database Admin
Data Architect
Enterprise
Architect
Solutions
Architect
Application
Developer
CloudroleTypicallysourcedfrom

AWS Cloud 101
basic education
Role-based foundational
cloud education
Role-based hands-on
ramp-up training
Product team
DevOps training
Area of depth
specialty training
Target
audience
All stakeholders impacted by
AWS Cloud adoption
Stakeholders who will make
decisions related to AWS
cloud adoption
AWS Cloud Platform team,
Software Development teams,
Operations teams
AWS Cloud Platform team,
DevOps teams
Resources who need an
in-depth understanding of
security, advanced networking,
or big data
Optionsfor
modeofdelivery
• AWS Immersion Day
• AWSome Day
• AWS Essentials courses
• Online training by
third-party provider
• Hybrid curriculum facilitated
by an SME/mentor
• Hybrid curriculum with
AWS mentor
in-house mentor
• DevOps immersion centers
AWS mentor
in-house mentor
• Hybrid curriculum
A hybrid curriculum is a combination of instructor-led training, whitepapers, videos, and online learning from AWS and third-party vendors
AWS
certification
• Cloud practitioner • SA—associate
• SysOps administrator
• Developer
• SA—professional
• DevOps engineer • Security
• Advanced network
• Big data
Help them along with a comprehensive approach
to education and training

Why are you migrating to the cloud? How will the cloud drive business outcomes?
Which applications are you thinking of for your first wave of migrations?
What operational capabilities are needed to support these applications?
Who should be on your cloud foundation team?
How are you going to measure the team’s success (e.g., KPIs)?
1
2
4
3
5
Getting started: Five things to think about

• Work through the five questions internally
• Schedule a people & operating model (“POP”) workshop
• Create and enable a cloud foundation team during MRP
• Ask your account managers about briefings/workshops on
other migration topics: cloud business case, security topics,
and a migration immersion day
1
2
4
3
Next steps

S E A T T L E
Elevate Your Security
With the Cloud
Shllomi Ezra
AWS Sr. Business Development Manager - Security Services
08.22.19

Why is security traditionally so hard?
Low degree of automationLack of visibility

ORMove fast Stay secure
Before…

ORAND
Now…
Move fast Stay secure
Before…

Path to cloud
Identify & engage
stakeholders
Capability &
enablement
Security OF
the cloud
Operational
model
Security IN
the cloud
Regulations Legal agreements
Establish security
controls (prevent,
detect, respond,
recover)
Regulator approval
or notification
Internal & external
assessment
Engage and plan Security readiness Assess and approve

Shared responsibility model
AWS
Security OF
the Cloud
AWS is responsible for protecting the
infrastructure that runs all of the
services offered in the AWS Cloud
Security IN
the Cloud
Customer responsibility will be
determined by the AWS Cloud
services that a customer selects
Customer

Customers
are responsible for end-to-end
security in their on-premises
data center
Software
Platform, applications, identity, and access management
Operating system, network, and firewall configuration
Customer data
Traditional on-premises security model
Client-side data
Encryption & data integrity
authentication
Server-side data
File system and/or data
Network traffic
Protection (encryption,
integrity, identity)
Hardware/AWS Global Infrastructure
Regions Availability zones Edge locations

Understanding the AWS Shared Responsibility Model
Customers
responsibility for security
“in” the cloud
Platform, applications, identity, and access management
Operating system, network, and firewall configuration
Customer data
Client-side data
Encryption & data integrity
authentication
Server-side data
File system and/or data
Network traffic
Protection (encryption,
integrity, identity)
Software
Hardware/AWS Global Infrastructure
Regions Availability zones Edge locations
AWS
responsibility for security
“of” the cloud

Automate with
comprehensive,
integrated
security services
Inherit global
security and
compliance
controls
Highest standards
for privacy and
data security
Largest network
of security
partners and
solutions
Scale with
superior visibility
and control
Elevate your security with the AWS Cloud

Inherit global security and compliance controls
SOC 1 SOC 2 SOC 3 CJIS
DoD SRG FERPA
SEC Rule
17a-4(f)
GxP MPAA
My
Number
Act
VPAT
Section 508 G-Cloud

Control where your data is stored and who
can access it
Fine-grain identity & access control so
resources have the right access
Reduce risk via security automation and
continuous monitoring
Integrate AWS services with your solutions
to support existing workflows, streamline
ops, and simplify compliance reporting
Scale with visibility and control

Encryption at scale
with keys managed by
our AWS Key
Management Service
(KMS) or managing your
own encryption keys with
AWS CloudHSM using
FIPS 140-2 Level 3
validated HSMs
Meet data
residency
requirements
Choose an AWS Region
and AWS will not
replicate it elsewhere
unless you choose
to do so
Access services and tools
that enable you to
build compliant
infrastructure
on top of AWS
Comply with local
data privacy laws
by controlling who
can access content, its
lifecycle, and disposal
Highest standards for privacy

Threat remediation
and response
Securely deploy business
critical applications
Operational efficiencies to
focus on critical issues
Continuous monitoring
and protection
Automate with integrated services
Comprehensive set of APIs
and security tools

AWS Identity & Access
Management (IAM)
AWS Single Sign-On
AWS Directory Service
Amazon Cognito
AWS Organizations
AWS Secrets Manager
AWS Resource
Access Manager
AWS Security Hub
Amazon GuardDuty
AWS Config
AWS CloudTrail
Amazon
CloudWatch
VPC Flow Logs
AWS Systems Manager
AWS Shield
AWS WAF—Web
application firewall
AWS Firewall Manager
Amazon Inspector
Amazon Virtual Private
Cloud (VPC)
AWS Key Management
Service (KMS)
AWS CloudHSM
AWS Certificate
Manager
Amazon Macie
Server-Side Encryption
AWS Config Rules
AWS Lambda
Identity & access
management
Detective
controls
Infrastructure
protection
Incident
response
Data
protection
AWS security solutions

Protect Detect Respond
Automate
Investigate
RecoverIdentify
AWS Systems
Manager
AWS Config
AWS
Lambda
Amazon
CloudWatch
Amazon
Inspector
Amazon
Macie
Amazon
GuardDuty
AWS
Security Hub
AWS IoT
Device
Defender
KMSIAM
AWS
Single
Sign-On
Snapshot Archive
AWS
CloudTrail
Amazon
CloudWatch
Amazon
VPC
AWS
WAF
AWS Shield AWS Secrets
Manager
AWS
Firewall
Manager
AWS Foundational and Layered Security Services
AWS
Organizations
Personal Health
Dashboard
Amazon
Route 53
AWS
Direct
Connect
AWS Transit
Gateway
Amazon VPC
PrivateLink
AWS Step
Functions
Amazon
Cloud
Directory
AWS
CloudHSM
AWS
Certificate
Manager
AWS
Control
Tower
AWS Service
Catalog
AWS Well-
Architected
Tool
AWS
Trusted
Advisor
Resource
Access
manager
AWS
Directory
Service
Amazon
Cognito
Amazon S3
Glacier
AWS
Security Hub
AWS Systems
Manager AWS CloudFormation
AWS
OpsWorks

How Amazon GuardDuty works?

VPC flow logs
DNS Logs
CloudTrail
Events
FindingsData Sources
Threat
intelligence
Anomaly
Detection
(ML)
AWS Security
Hub
• Remediate
• Partner Solutions
• Send to SIEM
CloudWatch Event
Finding Types
Examples
Bitcoin
Mining
C&C
Activity
Unusual User behavior Example:
• Launch instance
• Change Network Permissions
Amazon GuardDuty
Threat Detection
Types
HIGH
MEDIUM
LOW
Unusual traffic patterns Example:
• Unusual ports and volume
How Amazon GuardDuty works?

Backdoor Finding
Types
Behavior Finding
Types
Crypto Currency
Finding Types
PenTest Finding
Types
54 Finding types and growing (click to learn more)
Persistence Finding
Types
Policy Finding Types
Privilege Escalation
Finding Types
Recon Finding Types
Resource
Consumption Finding
Types
Stealth Finding Types
GuardDuty Trojan
Finding Types
GuardDuty
Unauthorized Finding
Types
What are Amazon GuardDuty findings?

How Amazon Inspector works?
Configure
assessment
Run
assessment
Findings
Remediation
Inspector
Partners
• SIEM
• Reporting
• Ticketing
Store in Database
Vulnerability;
Resource affected;
Recommendation
Take Action
1-Click

How AWS Security Hub works?

AWS Security Hub Benefits
Aggregated
findings
Compliance
standards

Finding Aggregation
Firewalls
Vulnerability
MSSP
Endpoint
Compliance
Other
“Taking Action”
AWS
Security Hub
Amazon
CloudWatch
Events
Partners forwarding findings into AWS Security Hub
Amazon
GuardDuty
Amazon
Inspector
Amazon
Macie
AWS Security Services Forwarding
findings into AWS Security Hub
SIEM
SOAR
Other

Compliance Standards
Based on CIS AWS Foundations Benchmark
• 43 fully automated, nearly continuous checks
• Findings are displayed on main dashboard for
quick access.
• Best practices information is provided to help
mitigate gaps to be in compliance.

Avoid the use of the
"root" account
Ensure CloudTrail is
enabled in all regions
Ensure no Security
groups allow ingress
from 0.0.0.0/0 to port
22
Ensure IAM policies
that allow full "*:*"
administrative
privileges are not
created
Examples:
43 pre configured rules for CIS

Example: 1.1 Avoid the use of the "root" account

Infrastructure security
Logging
& monitoring
Identity &
access control
Configuration
& vulnerability analysis
Data
protection
Largest ecosystem of security partners and solutions

Security engineering
Governance, risk,
& compliance
Security operations
& automation
Consulting competency partners with
demonstrated expertise

• Looks for fraud, abuse, and insider trading over
nearly 6 billion shares traded in U.S. equities markets
every day
• Processes approximately 6 terabytes of data and
37 billion records on an average day
• Went from 3–4 weeks for server hardening to
3–4 minutes
• DevOps teams focus on automation and tools to raise
the compliance bar and simplify controls
• Achieved incredible levels of assurance for
consistencies of builds and patching via rebooting
with automated deployment scripts
—John Brady, CISO FINRA
Financial industry regulatory authority
“I have come to realize that as a relatively
small organization, we can
be far more secure in the cloud and
achieve a higher level of assurance at a
much lower cost, in terms of effort and
dollars invested. We determined that
security in AWS is superior to our
on-premises data center across several
dimensions, including patching,
encryption, auditing and logging,
entitlements, and compliance.”

• Migrated all-in on AWS in under 12 months,
becoming a HIPAA-compliant cloud-first organization
• New York-based startup leveraged infrastructure as
code to securely scale to 6 million patients per month
• Data liberation—use data to innovate and drive more
solutions for patients, reducing patient wait times
from 24 days to 24 hours
• Maintain end to end visibility of patient data
using AWS
Online medical care scheduling
—Chief Information Security Officer (CISO)
“Previously all our servers were configured
and updated by hand or through limited
automation, we didn’t take full advantage
of a configuration management…All our
new services are built as stateless docker
containers, allowing us to deploy and
scale them easily using Amazon’s ECS.”
“AWS allowed us to scale our business to
handle 6 million patients a month and
elevate our security—all while
maintaining HIPAA compliance—as we
migrated 100% to cloud in less than
12 months.”

• Vodafone Italy is a prominent player in the Italian
mobile phone market with over 30 million users
• With a rise in SIM transactions, the company wanted
to find a way to make it easier for customers to
top up using a credit or debit card—and since each
SIM card contains valuable personal information,
that solution needed to be not only flexible, but
also secure
• With AWS Cloud, Vodafone Italy was able to users to
purchase credits online with strong security and be
compliant with the Payment Card Industry Data
Security Standard (PCI DSS)
• With the muscle of the AWS cloud behind it,
Vodafone easily managed top-up requests through
the new service as it grew to several thousand daily
and spread to multiple online channels, including
social media platforms
Mobile top-up service
—Stefano Harak, Online Senior Product Manager
“Amazon Web Services was the clear
choice in terms of security and PCI DSS
Level 1 compliance compared to an
on-premises or co-location data
center solution.”
“Using AWS, we were able to design and
launch a security-compliant solution in
three months while reducing our capital
expenses by 30 percent.”

Thank you!

Enabling Transformation through Agility & Innovation - AWS Transformation Day Seattle 2019

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Enabling Transformation through Agility & Innovation - AWS Transformation Day Seattle 2019

Similar a Enabling Transformation through Agility & Innovation - AWS Transformation Day Seattle 2019 (20)

Más de Amazon Web Services

Más de Amazon Web Services (20)

Enabling Transformation through Agility & Innovation - AWS Transformation Day Seattle 2019