SlideShare una empresa de Scribd logo

Securing Content in the Cloud

ETCenter
ETCenter

The last 3 years have seen a major shift in how Hollywood film studios view public cloud usage. WIth an increased awareness and generally acceptance of the security and scalability these clouds offers to the VFX and animation vendors creating pre-release content, the focus has now shifted to ensuring best practices implementation. Speaker: Adrian Graham, Google

Tecnología
1 de 44
Descargar para leer sin conexión
Proprietary + Confidential #NABShow Securing Content in the Cloud Adrian Graham Cloud Solutions Architect March 20, 2017
Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential Why security?
Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential Overview On-premises infrastructure Cloud infrastructure Connecting to cloud Hybrid infrastructure Secure all the things! Further reading
Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential On-premises infrastructure
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Render Farm Nodes Local Workstations On-premise infrastructure
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Render Farm Nodes File Server Local Workstations On-premise infrastructure
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Render Farm Nodes File Server Local Workstations License Server On-premise infrastructure
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Render Farm Nodes File Server Local Workstations License Server Render Workers Render Workers Render Workers On-premise infrastructure
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Render Farm Nodes File Server Local Workstations Queue Manager License Server Render Workers Render Workers Render Workers On-premise infrastructure
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Asset Mgmt Render Farm Nodes File Server Local Workstations Queue Manager License Server Render Workers Render Workers Render Workers On-premise infrastructure
Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential Cloud infrastructure
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Data ingress/egress
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage Data ingress Data ingress/egress
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage NFS File Server Data ingress Data ingress/egress
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage Read-through Cache NFS File Server Data ingress Data ingress/egress
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage NFS File Server Cloud-based License Server Data ingress Data ingress/egress On-prem licenses Read-through Cache
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage Read-through Cache Users Cloud IAM NFS File Server Cloud-based License Server Data ingress Data ingress/egress On-prem licenses LDAP sync
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage Read-through Cache Users Cloud IAM NFS File Server Cloud-based License Server Stackdriver LoggingData ingress Data ingress/egress On-prem licenses LDAP sync
Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential Connecting to cloud
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Connecting to cloud Render Farm Nodes Render Workers Render Workers On-premise infrastructure
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Connecting to cloud Render Farm Nodes Render Workers Render Workers On-premise infrastructure Cloud VPN VPN Gateway
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Connecting to cloud Render Farm Nodes Render Workers Render Workers On-premise infrastructure Cloud VPN VPN Gateway Cloud Router
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Connecting to cloud Render Farm Nodes Render Workers Render Workers On-premise infrastructure Cloud Interconnect Cloud VPN VPN Gateway Cloud Router
Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential Hybrid infrastructure (better put on your glasses for this next slide…)
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Hybrid infrastructure On-premise infrastructure Asset Mgmt dB Render Farm Nodes File Server Local Workstations Queue Manager Physical Cache License Server Cloud Interconnect Cloud VPN Read-through Cache Rendering VMs Compute Engine Assets Cloud Storage Users Cloud IAM NFS File Server VPN Gateway Cloud Router Cloud-based License Server Stackdriver Logging
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Hybrid infrastructure On-premise infrastructure Asset Mgmt dB Render Farm Nodes File Server Local Workstations Queue Manager Physical Cache License Server Cloud Interconnect Cloud VPN Read-through Cache Rendering VMs Compute Engine Assets Cloud Storage Users Cloud IAM NFS File Server Users & Admins Users & Admins Cloud Directory Sync VPN Gateway Cloud Router Cloud-based License Server Stackdriver Logging
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Hybrid infrastructure On-premise infrastructure Asset Mgmt dB Render Farm Nodes APIs: gcloud, gsutil, ssh, rsync, etc File Server Local Workstations Queue Manager Physical Cache License Server Accelerated UDP Transfer Cloud Interconnect Cloud VPN Read-through Cache Rendering VMs Compute Engine Assets Cloud Storage Users Cloud IAM NFS File Server Users & Admins Users & Admins Cloud Directory Sync Project data I/O License requests Queue Manager dispatching Project database communication VPN Gateway Cloud Router Cloud-based License Server Stackdriver Logging
Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential How do we secure all the things?
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud Platform resource hierarchy
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Projects and access Granting access Manage your organization's identities with G Suite. Implement Google Cloud Directory Sync. gcloud SDK, Compute Engine API Authentication is performed by the SDK itself. Credentials are picked up by the API client libraries. Automating security checks Implement Forseti Security to run periodic checks for policy compliance. https://github.com/GoogleCloudPlatform/forseti-security Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Controlling user access Cloud IAM Create and manage permissions at multiple levels. Service accounts Access Google services and resources programmatically. Access scopes Set permissions at the resource level. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Proprietary + Confidential #NABShow Identity & Access Management Who (principal) User Service Accounts Group Domain Can do what Roles: collection of permissions Authorization Tokens On which resource Project VM, bucket… Resource folder Cloud IAM unifies access control under a single system. Create and manage permissions at the organization, project and resource levels. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Encryption key management Cloud storage All data is encrypted at rest using either AES128 or AES256 encryption. Data is always encrypted before it's written to disk. Cloud KMS Store encryption keys centrally in the cloud, for use by cloud services. Let Google manage your keys, or manage keys yourself. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Network security Networks and subnetworks Isolate resources on separate networks to add an extra level of security. Subnetworks are created automatically, one for each compute zone. Firewall rules Rules apply to the entire network. To allow incoming traffic, you must create 'allow' firewall rules. External IP addresses Ability to disable the assignment of an external IP on instance creation. The instance will then only be visible over VPN, or from within the network. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Disk images Public Compute Engine offers many preconfigured public images. Each OS image has been configured to work closely with Google Cloud Platform services and resources. Custom Use your own custom image, but ensure you comply with security best practices. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Connectivity Google Cloud VPN Regardless of how you're connected to Google, you must secure your connection with a Virtual Private Network (VPN). Direct peering Connect directly to a Google PoP. This is typically the fastest option. Cloud interconnect Connect to Google using a service provider. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow File systems Object-based Encrypted, localized, available worldwide. Pipeline implications, however. POSIX-compliant Known as Persistent Disk (PD) on GCP. The security features of object-based storage, available as an NFS server. Other filesystems Clustered or caching filesystems are also available, however they are not under the management of IAM or other Google security mechanisms. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Encryption Storage security Security features are consistent across storage classes. By default, Google manages encryption keys. When is data encrypted? Both at rest and in-transit. If using VPN (which you should), data is encrypted before leaving on-prem. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Transferring data SDK and API gsutil, gcloud, rsync, ssh can be used, but we recommend gsutil for anything less than 10Gb in size. UDP-based Aspera, Tervela Cloud FastPath, BitSpeed Velocity or FDT are all options, however they're all third-party services and are not managed by Google. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Logging Stackdriver Can be used as a secure logging server for a variety of pipelines. Able to ingest thousands of concurrent log streams. Audit logging Monitor project-based admin activity. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Other considerations Queue management Use the gcloud command to communicate with Google Cloud, rather than via ssh. Consider running your queue system entirely on Google Cloud Platform. Custom software There are a number of client libraries available for use by third-party software API. Each library provides methods for OAuth2.0 authorization. Licensing Use your own on-prem license server across a VPN. Running a license server in the cloud. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
Proprietary + Confidential #NABShow Best Practices for Enterprise Organizations Google Infrastructure Security Design Overview Encryption at Rest in Google Cloud Platform Securely Connecting to VM Instances Google Security Whitepaper Using IAM Securely Configuring Imported Images Further reading
Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Questions?
THANK YOU

Recomendados

Building Highly Scalable Immersive Media Solutions on AWS
Building Highly Scalable Immersive Media Solutions on AWSBuilding Highly Scalable Immersive Media Solutions on AWS
Building Highly Scalable Immersive Media Solutions on AWSETCenter
 
Cloud Transition Patterns for Media Enterprises
Cloud Transition Patterns for Media EnterprisesCloud Transition Patterns for Media Enterprises
Cloud Transition Patterns for Media EnterprisesETCenter
 
Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017
Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017
Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017Amazon Web Services
 
Microservices for Startups - Donnie Prakoso - AWS - CC18
Microservices for Startups - Donnie Prakoso - AWS - CC18Microservices for Startups - Donnie Prakoso - AWS - CC18
Microservices for Startups - Donnie Prakoso - AWS - CC18CodeOps Technologies LLP
 
MAE405_Build a 360° Immersive Media Video Solution on AWS
MAE405_Build a 360° Immersive Media Video Solution on AWSMAE405_Build a 360° Immersive Media Video Solution on AWS
MAE405_Build a 360° Immersive Media Video Solution on AWSAmazon Web Services
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...Amazon Web Services
 
AWS Compute: What’s New in Amazon EC2, Containers and Serverless - CMP218 - r...
AWS Compute: What’s New in Amazon EC2, Containers and Serverless - CMP218 - r...AWS Compute: What’s New in Amazon EC2, Containers and Serverless - CMP218 - r...
AWS Compute: What’s New in Amazon EC2, Containers and Serverless - CMP218 - r...Amazon Web Services
 

Recomendados

Building Highly Scalable Immersive Media Solutions on AWS
Building Highly Scalable Immersive Media Solutions on AWSBuilding Highly Scalable Immersive Media Solutions on AWS
Building Highly Scalable Immersive Media Solutions on AWSETCenter
 
Cloud Transition Patterns for Media Enterprises
Cloud Transition Patterns for Media EnterprisesCloud Transition Patterns for Media Enterprises
Cloud Transition Patterns for Media EnterprisesETCenter
 
Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017
Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017
Container Networking Deep Dive with Amazon ECS - CON401 - re:Invent 2017Amazon Web Services
 
Microservices for Startups - Donnie Prakoso - AWS - CC18
Microservices for Startups - Donnie Prakoso - AWS - CC18Microservices for Startups - Donnie Prakoso - AWS - CC18
Microservices for Startups - Donnie Prakoso - AWS - CC18CodeOps Technologies LLP
 
MAE405_Build a 360° Immersive Media Video Solution on AWS
MAE405_Build a 360° Immersive Media Video Solution on AWSMAE405_Build a 360° Immersive Media Video Solution on AWS
MAE405_Build a 360° Immersive Media Video Solution on AWSAmazon Web Services
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...Amazon Web Services
 
AWS Compute: What’s New in Amazon EC2, Containers and Serverless - CMP218 - r...
AWS Compute: What’s New in Amazon EC2, Containers and Serverless - CMP218 - r...AWS Compute: What’s New in Amazon EC2, Containers and Serverless - CMP218 - r...
AWS Compute: What’s New in Amazon EC2, Containers and Serverless - CMP218 - r...Amazon Web Services
 
HashiTalks Africa - Going multi-account on AWS with Terraform
HashiTalks Africa - Going multi-account on AWS with TerraformHashiTalks Africa - Going multi-account on AWS with Terraform
HashiTalks Africa - Going multi-account on AWS with TerraformCobus Bernard
 
Common Application Architecture Patterns – Dan Zoltak
Common Application Architecture Patterns – Dan ZoltakCommon Application Architecture Patterns – Dan Zoltak
Common Application Architecture Patterns – Dan ZoltakAmazon Web Services
 
CTD405_Building Serverless Video Workflows
CTD405_Building Serverless Video WorkflowsCTD405_Building Serverless Video Workflows
CTD405_Building Serverless Video WorkflowsAmazon Web Services
 
AWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN SolutionsAWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN SolutionsKent Plummer
 
Aws container webinar day 2
Aws container webinar day 2Aws container webinar day 2
Aws container webinar day 2HoseokSeo7
 
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...Amazon Web Services
 
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...Amazon Web Services
 
Aws container webinar day 1
Aws container webinar day 1Aws container webinar day 1
Aws container webinar day 1HoseokSeo7
 
Deep Dive - Amazon Relational Database Services_AWSPSSummit_Singapore
Deep Dive - Amazon Relational Database Services_AWSPSSummit_SingaporeDeep Dive - Amazon Relational Database Services_AWSPSSummit_Singapore
Deep Dive - Amazon Relational Database Services_AWSPSSummit_SingaporeAmazon Web Services
 
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017Amazon Web Services
 
深入淺出 AWS 混合式雲端架構
深入淺出 AWS 混合式雲端架構 深入淺出 AWS 混合式雲端架構
深入淺出 AWS 混合式雲端架構 Amazon Web Services
 
Build end-to-end video experiences with Azure Media Services
Build end-to-end video experiences with Azure Media ServicesBuild end-to-end video experiences with Azure Media Services
Build end-to-end video experiences with Azure Media ServicesKen Cenerelli
 
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017Amazon Web Services
 
Pitt Immersion Day Module 3 - networking in AWS
Pitt Immersion Day Module 3 - networking in AWSPitt Immersion Day Module 3 - networking in AWS
Pitt Immersion Day Module 3 - networking in AWSEagleDream Technologies
 
Preparing for AWS Certification & Advanced Security Training
Preparing for AWS Certification & Advanced Security TrainingPreparing for AWS Certification & Advanced Security Training
Preparing for AWS Certification & Advanced Security TrainingAmazon Web Services
 
DEM14 Extending the Cisco SD-WAN Fabric to the AWS Cloud
DEM14 Extending the Cisco SD-WAN Fabric to the AWS CloudDEM14 Extending the Cisco SD-WAN Fabric to the AWS Cloud
DEM14 Extending the Cisco SD-WAN Fabric to the AWS CloudAmazon Web Services
 
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017Amazon Web Services
 
CTD201_Introduction to Amazon CloudFront and AWS Lambda@Edge
CTD201_Introduction to Amazon CloudFront and AWS Lambda@EdgeCTD201_Introduction to Amazon CloudFront and AWS Lambda@Edge
CTD201_Introduction to Amazon CloudFront and AWS Lambda@EdgeAmazon Web Services
 
Pitt Immersion Day Module 4 - storage in AWS
Pitt Immersion Day Module 4 - storage in AWSPitt Immersion Day Module 4 - storage in AWS
Pitt Immersion Day Module 4 - storage in AWSEagleDream Technologies
 
Building a Hyper Secure VPC on AWS with Puppet
Building a Hyper Secure VPC on AWS with PuppetBuilding a Hyper Secure VPC on AWS with Puppet
Building a Hyper Secure VPC on AWS with PuppetTim Nolet
 
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKPeter Selch Dahl
 
El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...
El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...
El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...Nicolas Bortolotti
 

Más contenido relacionado

La actualidad más candente

HashiTalks Africa - Going multi-account on AWS with Terraform
HashiTalks Africa - Going multi-account on AWS with TerraformHashiTalks Africa - Going multi-account on AWS with Terraform
HashiTalks Africa - Going multi-account on AWS with TerraformCobus Bernard
 
Common Application Architecture Patterns – Dan Zoltak
Common Application Architecture Patterns – Dan ZoltakCommon Application Architecture Patterns – Dan Zoltak
Common Application Architecture Patterns – Dan ZoltakAmazon Web Services
 
CTD405_Building Serverless Video Workflows
CTD405_Building Serverless Video WorkflowsCTD405_Building Serverless Video Workflows
CTD405_Building Serverless Video WorkflowsAmazon Web Services
 
AWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN SolutionsAWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN SolutionsKent Plummer
 
Aws container webinar day 2
Aws container webinar day 2Aws container webinar day 2
Aws container webinar day 2HoseokSeo7
 
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...Amazon Web Services
 
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...Amazon Web Services
 
Aws container webinar day 1
Aws container webinar day 1Aws container webinar day 1
Aws container webinar day 1HoseokSeo7
 
Deep Dive - Amazon Relational Database Services_AWSPSSummit_Singapore
Deep Dive - Amazon Relational Database Services_AWSPSSummit_SingaporeDeep Dive - Amazon Relational Database Services_AWSPSSummit_Singapore
Deep Dive - Amazon Relational Database Services_AWSPSSummit_SingaporeAmazon Web Services
 
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017Amazon Web Services
 
深入淺出 AWS 混合式雲端架構
深入淺出 AWS 混合式雲端架構 深入淺出 AWS 混合式雲端架構
深入淺出 AWS 混合式雲端架構 Amazon Web Services
 
Build end-to-end video experiences with Azure Media Services
Build end-to-end video experiences with Azure Media ServicesBuild end-to-end video experiences with Azure Media Services
Build end-to-end video experiences with Azure Media ServicesKen Cenerelli
 
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017Amazon Web Services
 
Pitt Immersion Day Module 3 - networking in AWS
Pitt Immersion Day Module 3 - networking in AWSPitt Immersion Day Module 3 - networking in AWS
Pitt Immersion Day Module 3 - networking in AWSEagleDream Technologies
 
Preparing for AWS Certification & Advanced Security Training
Preparing for AWS Certification & Advanced Security TrainingPreparing for AWS Certification & Advanced Security Training
Preparing for AWS Certification & Advanced Security TrainingAmazon Web Services
 
DEM14 Extending the Cisco SD-WAN Fabric to the AWS Cloud
DEM14 Extending the Cisco SD-WAN Fabric to the AWS CloudDEM14 Extending the Cisco SD-WAN Fabric to the AWS Cloud
DEM14 Extending the Cisco SD-WAN Fabric to the AWS CloudAmazon Web Services
 
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017Amazon Web Services
 
CTD201_Introduction to Amazon CloudFront and AWS Lambda@Edge
CTD201_Introduction to Amazon CloudFront and AWS Lambda@EdgeCTD201_Introduction to Amazon CloudFront and AWS Lambda@Edge
CTD201_Introduction to Amazon CloudFront and AWS Lambda@EdgeAmazon Web Services
 
Pitt Immersion Day Module 4 - storage in AWS
Pitt Immersion Day Module 4 - storage in AWSPitt Immersion Day Module 4 - storage in AWS
Pitt Immersion Day Module 4 - storage in AWSEagleDream Technologies
 
Building a Hyper Secure VPC on AWS with Puppet
Building a Hyper Secure VPC on AWS with PuppetBuilding a Hyper Secure VPC on AWS with Puppet
Building a Hyper Secure VPC on AWS with PuppetTim Nolet
 

La actualidad más candente (20)

HashiTalks Africa - Going multi-account on AWS with Terraform
HashiTalks Africa - Going multi-account on AWS with TerraformHashiTalks Africa - Going multi-account on AWS with Terraform
HashiTalks Africa - Going multi-account on AWS with Terraform
 
Common Application Architecture Patterns – Dan Zoltak
Common Application Architecture Patterns – Dan ZoltakCommon Application Architecture Patterns – Dan Zoltak
Common Application Architecture Patterns – Dan Zoltak
 
CTD405_Building Serverless Video Workflows
CTD405_Building Serverless Video WorkflowsCTD405_Building Serverless Video Workflows
CTD405_Building Serverless Video Workflows
 
AWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN SolutionsAWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN Solutions
 
Aws container webinar day 2
Aws container webinar day 2Aws container webinar day 2
Aws container webinar day 2
 
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
Living on the Edge, It’s Safer Than You Think! Building Strong with Amazon Cl...
 
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...
Best Practices for Implementing Your Encryption Strategy Using AWS Key Manage...
 
Aws container webinar day 1
Aws container webinar day 1Aws container webinar day 1
Aws container webinar day 1
 
Deep Dive - Amazon Relational Database Services_AWSPSSummit_Singapore
Deep Dive - Amazon Relational Database Services_AWSPSSummit_SingaporeDeep Dive - Amazon Relational Database Services_AWSPSSummit_Singapore
Deep Dive - Amazon Relational Database Services_AWSPSSummit_Singapore
 
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017
Networking Many VPCs: Transit and Shared Architectures - NET404 - re:Invent 2017
 
深入淺出 AWS 混合式雲端架構
深入淺出 AWS 混合式雲端架構 深入淺出 AWS 混合式雲端架構
深入淺出 AWS 混合式雲端架構
 
Build end-to-end video experiences with Azure Media Services
Build end-to-end video experiences with Azure Media ServicesBuild end-to-end video experiences with Azure Media Services
Build end-to-end video experiences with Azure Media Services
 
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
Moving to Amazon ECS – the Not-So-Obvious Benefits - CON356 - re:Invent 2017
 
Pitt Immersion Day Module 3 - networking in AWS
Pitt Immersion Day Module 3 - networking in AWSPitt Immersion Day Module 3 - networking in AWS
Pitt Immersion Day Module 3 - networking in AWS
 
Preparing for AWS Certification & Advanced Security Training
Preparing for AWS Certification & Advanced Security TrainingPreparing for AWS Certification & Advanced Security Training
Preparing for AWS Certification & Advanced Security Training
 
DEM14 Extending the Cisco SD-WAN Fabric to the AWS Cloud
DEM14 Extending the Cisco SD-WAN Fabric to the AWS CloudDEM14 Extending the Cisco SD-WAN Fabric to the AWS Cloud
DEM14 Extending the Cisco SD-WAN Fabric to the AWS Cloud
 
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017
VMware Cloud on AWS Technical Deep Dive - ENT303 - re:Invent 2017
 
CTD201_Introduction to Amazon CloudFront and AWS Lambda@Edge
CTD201_Introduction to Amazon CloudFront and AWS Lambda@EdgeCTD201_Introduction to Amazon CloudFront and AWS Lambda@Edge
CTD201_Introduction to Amazon CloudFront and AWS Lambda@Edge
 
Pitt Immersion Day Module 4 - storage in AWS
Pitt Immersion Day Module 4 - storage in AWSPitt Immersion Day Module 4 - storage in AWS
Pitt Immersion Day Module 4 - storage in AWS
 
Building a Hyper Secure VPC on AWS with Puppet
Building a Hyper Secure VPC on AWS with PuppetBuilding a Hyper Secure VPC on AWS with Puppet
Building a Hyper Secure VPC on AWS with Puppet
 

Similar a Securing Content in the Cloud

Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKPeter Selch Dahl
 
El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...
El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...
El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...Nicolas Bortolotti
 
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...MongoDB
 
Security @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveSecurity @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveKristana Kane
 
NEW LAUNCH! Push Intelligence to the edge with Greengrass - IOT209 - re:Inven...
NEW LAUNCH! Push Intelligence to the edge with Greengrass - IOT209 - re:Inven...NEW LAUNCH! Push Intelligence to the edge with Greengrass - IOT209 - re:Inven...
NEW LAUNCH! Push Intelligence to the edge with Greengrass - IOT209 - re:Inven...Amazon Web Services
 
Architect secure cloud services.
Architect secure cloud services.Architect secure cloud services.
Architect secure cloud services.Moshe Ferber
 
How encryption works in AWS: What assurances do you have that unauthorized us...
How encryption works in AWS: What assurances do you have that unauthorized us...How encryption works in AWS: What assurances do you have that unauthorized us...
How encryption works in AWS: What assurances do you have that unauthorized us...Amazon Web Services
 
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by DesignJon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Designjonmccoy
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsBela Sojina MBA, PMP
 
Bulletproof & Xero Presentation - AWS Summit Auckland
Bulletproof & Xero Presentation - AWS Summit AucklandBulletproof & Xero Presentation - AWS Summit Auckland
Bulletproof & Xero Presentation - AWS Summit AucklandBulletproof
 
Stups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSJan Löffler
 
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...Amazon Web Services
 
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...Amazon Web Services
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential ManagementVMware Tanzu
 
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...Amazon Web Services
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation OverviewAmazon Web Services
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup SlidesJacksonMorgan9
 

Similar a Securing Content in the Cloud (20)

Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDK
 
El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...
El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...
El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...
 
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
 
Security @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveSecurity @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep Dive
 
NEW LAUNCH! Push Intelligence to the edge with Greengrass - IOT209 - re:Inven...
NEW LAUNCH! Push Intelligence to the edge with Greengrass - IOT209 - re:Inven...NEW LAUNCH! Push Intelligence to the edge with Greengrass - IOT209 - re:Inven...
NEW LAUNCH! Push Intelligence to the edge with Greengrass - IOT209 - re:Inven...
 
Architect secure cloud services.
Architect secure cloud services.Architect secure cloud services.
Architect secure cloud services.
 
How encryption works in AWS: What assurances do you have that unauthorized us...
How encryption works in AWS: What assurances do you have that unauthorized us...How encryption works in AWS: What assurances do you have that unauthorized us...
How encryption works in AWS: What assurances do you have that unauthorized us...
 
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by DesignJon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on aws
 
Bulletproof & Xero Presentation - AWS Summit Auckland
Bulletproof & Xero Presentation - AWS Summit AucklandBulletproof & Xero Presentation - AWS Summit Auckland
Bulletproof & Xero Presentation - AWS Summit Auckland
 
Stups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWS
 
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
 
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ...
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential Management
 
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup Slides
 
AWS User Group November
AWS User Group NovemberAWS User Group November
AWS User Group November
 

Más de ETCenter

How broadcasters can get in the VR game with sports
How broadcasters can get in the VR game with sportsHow broadcasters can get in the VR game with sports
How broadcasters can get in the VR game with sportsETCenter
 
Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...
Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...
Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...ETCenter
 
Looking beyond the script
Looking beyond the scriptLooking beyond the script
Looking beyond the scriptETCenter
 
Cloud Apps for Media Processing: IMF Packaging-on-Demand
Cloud Apps for Media Processing: IMF Packaging-on-DemandCloud Apps for Media Processing: IMF Packaging-on-Demand
Cloud Apps for Media Processing: IMF Packaging-on-DemandETCenter
 
IP for Sports broadcast
IP for Sports broadcast IP for Sports broadcast
IP for Sports broadcast ETCenter
 
The distributive aspect of cloud on the digital world
The distributive aspect of cloud on the digital worldThe distributive aspect of cloud on the digital world
The distributive aspect of cloud on the digital worldETCenter
 
Hacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsHacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsETCenter
 
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAINBLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAINETCenter
 
Graymeta C4 use case, Deduplication
Graymeta C4 use case, DeduplicationGraymeta C4 use case, Deduplication
Graymeta C4 use case, DeduplicationETCenter
 
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC ETCenter
 
Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC
Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC
Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC ETCenter
 
Federated identity, Project Cloud QTR meeting @ Disney/ABC
Federated identity, Project Cloud QTR meeting @ Disney/ABC Federated identity, Project Cloud QTR meeting @ Disney/ABC
Federated identity, Project Cloud QTR meeting @ Disney/ABC ETCenter
 
Security + Cloud: What studios and vendors need to consider when adopting clo...
Security + Cloud: What studios and vendors need to consider when adopting clo...Security + Cloud: What studios and vendors need to consider when adopting clo...
Security + Cloud: What studios and vendors need to consider when adopting clo...ETCenter
 
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABCETCenter
 
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...ETCenter
 
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USCBig Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USCETCenter
 
An Introduction to Data Gravity by John Tkaczewski of FileCatalyst
An Introduction to Data Gravity by John Tkaczewski of FileCatalystAn Introduction to Data Gravity by John Tkaczewski of FileCatalyst
An Introduction to Data Gravity by John Tkaczewski of FileCatalystETCenter
 
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...ETCenter
 
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...ETCenter
 
Day 3 Conference Welcome by Erik Weaver
Day 3 Conference Welcome by Erik WeaverDay 3 Conference Welcome by Erik Weaver
Day 3 Conference Welcome by Erik WeaverETCenter
 

Más de ETCenter (20)

How broadcasters can get in the VR game with sports
How broadcasters can get in the VR game with sportsHow broadcasters can get in the VR game with sports
How broadcasters can get in the VR game with sports
 
Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...
Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...
Improve Efficiency by Double Digits – Leveraging Artificial Intelligence and ...
 
Looking beyond the script
Looking beyond the scriptLooking beyond the script
Looking beyond the script
 
Cloud Apps for Media Processing: IMF Packaging-on-Demand
Cloud Apps for Media Processing: IMF Packaging-on-DemandCloud Apps for Media Processing: IMF Packaging-on-Demand
Cloud Apps for Media Processing: IMF Packaging-on-Demand
 
IP for Sports broadcast
IP for Sports broadcast IP for Sports broadcast
IP for Sports broadcast
 
The distributive aspect of cloud on the digital world
The distributive aspect of cloud on the digital worldThe distributive aspect of cloud on the digital world
The distributive aspect of cloud on the digital world
 
Hacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assetsHacking IoT: the new threat for content assets
Hacking IoT: the new threat for content assets
 
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAINBLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
BLOCKCHAIN & THE HOLLYWOOD SUPPLY CHAIN
 
Graymeta C4 use case, Deduplication
Graymeta C4 use case, DeduplicationGraymeta C4 use case, Deduplication
Graymeta C4 use case, Deduplication
 
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
WRAST, Worldwide Repository for Assets. Project Cloud QTR meeting @ Disney/ABC
 
Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC
Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC
Object storage is awesome.. ETC "Project Cloud" QTR meeting @ Disney/ABC
 
Federated identity, Project Cloud QTR meeting @ Disney/ABC
Federated identity, Project Cloud QTR meeting @ Disney/ABC Federated identity, Project Cloud QTR meeting @ Disney/ABC
Federated identity, Project Cloud QTR meeting @ Disney/ABC
 
Security + Cloud: What studios and vendors need to consider when adopting clo...
Security + Cloud: What studios and vendors need to consider when adopting clo...Security + Cloud: What studios and vendors need to consider when adopting clo...
Security + Cloud: What studios and vendors need to consider when adopting clo...
 
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC
"The Suitcase" Project Cloud QTR meeting presentation @ Disney/ABC
 
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
Open Source Framework for Deploying Data Science Models and Cloud Based Appli...
 
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USCBig Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
Big Data/DIG: Domain-Specific Insight Graphs by Pedro Szekely of ISI/USC
 
An Introduction to Data Gravity by John Tkaczewski of FileCatalyst
An Introduction to Data Gravity by John Tkaczewski of FileCatalystAn Introduction to Data Gravity by John Tkaczewski of FileCatalyst
An Introduction to Data Gravity by John Tkaczewski of FileCatalyst
 
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
This Is Not Your Parent’s Storage: Transitioning to Cloud Object Storage by I...
 
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
OpenStack meets TV Everywhere: Peanut Butter and Chocolate by Yuval Fisher of...
 
Day 3 Conference Welcome by Erik Weaver
Day 3 Conference Welcome by Erik WeaverDay 3 Conference Welcome by Erik Weaver
Day 3 Conference Welcome by Erik Weaver
 

Último

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Último (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

Securing Content in the Cloud

  • 1. Proprietary + Confidential #NABShow Securing Content in the Cloud Adrian Graham Cloud Solutions Architect March 20, 2017
  • 2. Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential Why security?
  • 3. Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential Overview On-premises infrastructure Cloud infrastructure Connecting to cloud Hybrid infrastructure Secure all the things! Further reading
  • 4. Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential On-premises infrastructure
  • 5. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Render Farm Nodes Local Workstations On-premise infrastructure
  • 6. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Render Farm Nodes File Server Local Workstations On-premise infrastructure
  • 7. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Render Farm Nodes File Server Local Workstations License Server On-premise infrastructure
  • 8. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Render Farm Nodes File Server Local Workstations License Server Render Workers Render Workers Render Workers On-premise infrastructure
  • 9. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Render Farm Nodes File Server Local Workstations Queue Manager License Server Render Workers Render Workers Render Workers On-premise infrastructure
  • 10. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow On-premise infrastructure Asset Mgmt Render Farm Nodes File Server Local Workstations Queue Manager License Server Render Workers Render Workers Render Workers On-premise infrastructure
  • 11. Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential Cloud infrastructure
  • 12. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Data ingress/egress
  • 13. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage Data ingress Data ingress/egress
  • 14. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage NFS File Server Data ingress Data ingress/egress
  • 15. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage Read-through Cache NFS File Server Data ingress Data ingress/egress
  • 16. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage NFS File Server Cloud-based License Server Data ingress Data ingress/egress On-prem licenses Read-through Cache
  • 17. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage Read-through Cache Users Cloud IAM NFS File Server Cloud-based License Server Data ingress Data ingress/egress On-prem licenses LDAP sync
  • 18. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud infrastructure Rendering VMs Compute Engine Assets Cloud Storage Read-through Cache Users Cloud IAM NFS File Server Cloud-based License Server Stackdriver LoggingData ingress Data ingress/egress On-prem licenses LDAP sync
  • 19. Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential Connecting to cloud
  • 20. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Connecting to cloud Render Farm Nodes Render Workers Render Workers On-premise infrastructure
  • 21. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Connecting to cloud Render Farm Nodes Render Workers Render Workers On-premise infrastructure Cloud VPN VPN Gateway
  • 22. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Connecting to cloud Render Farm Nodes Render Workers Render Workers On-premise infrastructure Cloud VPN VPN Gateway Cloud Router
  • 23. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Connecting to cloud Render Farm Nodes Render Workers Render Workers On-premise infrastructure Cloud Interconnect Cloud VPN VPN Gateway Cloud Router
  • 24. Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential Hybrid infrastructure (better put on your glasses for this next slide…)
  • 25. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Hybrid infrastructure On-premise infrastructure Asset Mgmt dB Render Farm Nodes File Server Local Workstations Queue Manager Physical Cache License Server Cloud Interconnect Cloud VPN Read-through Cache Rendering VMs Compute Engine Assets Cloud Storage Users Cloud IAM NFS File Server VPN Gateway Cloud Router Cloud-based License Server Stackdriver Logging
  • 26. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Hybrid infrastructure On-premise infrastructure Asset Mgmt dB Render Farm Nodes File Server Local Workstations Queue Manager Physical Cache License Server Cloud Interconnect Cloud VPN Read-through Cache Rendering VMs Compute Engine Assets Cloud Storage Users Cloud IAM NFS File Server Users & Admins Users & Admins Cloud Directory Sync VPN Gateway Cloud Router Cloud-based License Server Stackdriver Logging
  • 27. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Hybrid infrastructure On-premise infrastructure Asset Mgmt dB Render Farm Nodes APIs: gcloud, gsutil, ssh, rsync, etc File Server Local Workstations Queue Manager Physical Cache License Server Accelerated UDP Transfer Cloud Interconnect Cloud VPN Read-through Cache Rendering VMs Compute Engine Assets Cloud Storage Users Cloud IAM NFS File Server Users & Admins Users & Admins Cloud Directory Sync Project data I/O License requests Queue Manager dispatching Project database communication VPN Gateway Cloud Router Cloud-based License Server Stackdriver Logging
  • 28. Proprietary + ConfidentialProprietary + Confidential Proprietary + Confidential How do we secure all the things?
  • 29. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Cloud Platform resource hierarchy
  • 30. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Projects and access Granting access Manage your organization's identities with G Suite. Implement Google Cloud Directory Sync. gcloud SDK, Compute Engine API Authentication is performed by the SDK itself. Credentials are picked up by the API client libraries. Automating security checks Implement Forseti Security to run periodic checks for policy compliance. https://github.com/GoogleCloudPlatform/forseti-security Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 31. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Controlling user access Cloud IAM Create and manage permissions at multiple levels. Service accounts Access Google services and resources programmatically. Access scopes Set permissions at the resource level. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 32. Proprietary + Confidential #NABShow Identity & Access Management Who (principal) User Service Accounts Group Domain Can do what Roles: collection of permissions Authorization Tokens On which resource Project VM, bucket… Resource folder Cloud IAM unifies access control under a single system. Create and manage permissions at the organization, project and resource levels. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 33. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Encryption key management Cloud storage All data is encrypted at rest using either AES128 or AES256 encryption. Data is always encrypted before it's written to disk. Cloud KMS Store encryption keys centrally in the cloud, for use by cloud services. Let Google manage your keys, or manage keys yourself. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 34. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Network security Networks and subnetworks Isolate resources on separate networks to add an extra level of security. Subnetworks are created automatically, one for each compute zone. Firewall rules Rules apply to the entire network. To allow incoming traffic, you must create 'allow' firewall rules. External IP addresses Ability to disable the assignment of an external IP on instance creation. The instance will then only be visible over VPN, or from within the network. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 35. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Disk images Public Compute Engine offers many preconfigured public images. Each OS image has been configured to work closely with Google Cloud Platform services and resources. Custom Use your own custom image, but ensure you comply with security best practices. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 36. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Connectivity Google Cloud VPN Regardless of how you're connected to Google, you must secure your connection with a Virtual Private Network (VPN). Direct peering Connect directly to a Google PoP. This is typically the fastest option. Cloud interconnect Connect to Google using a service provider. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 37. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow File systems Object-based Encrypted, localized, available worldwide. Pipeline implications, however. POSIX-compliant Known as Persistent Disk (PD) on GCP. The security features of object-based storage, available as an NFS server. Other filesystems Clustered or caching filesystems are also available, however they are not under the management of IAM or other Google security mechanisms. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 38. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Encryption Storage security Security features are consistent across storage classes. By default, Google manages encryption keys. When is data encrypted? Both at rest and in-transit. If using VPN (which you should), data is encrypted before leaving on-prem. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 39. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Transferring data SDK and API gsutil, gcloud, rsync, ssh can be used, but we recommend gsutil for anything less than 10Gb in size. UDP-based Aspera, Tervela Cloud FastPath, BitSpeed Velocity or FDT are all options, however they're all third-party services and are not managed by Google. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 40. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Logging Stackdriver Can be used as a secure logging server for a variety of pipelines. Able to ingest thousands of concurrent log streams. Audit logging Monitor project-based admin activity. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 41. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Other considerations Queue management Use the gcloud command to communicate with Google Cloud, rather than via ssh. Consider running your queue system entirely on Google Cloud Platform. Custom software There are a number of client libraries available for use by third-party software API. Each library provides methods for OAuth2.0 authorization. Licensing Use your own on-prem license server across a VPN. Running a license server in the cloud. Projects and access Controlling user access Encryption key mgmt Network security Disk images Connectivity File systems Encryption Transferring data Logging Other
  • 42. Proprietary + Confidential #NABShow Best Practices for Enterprise Organizations Google Infrastructure Security Design Overview Encryption at Rest in Google Cloud Platform Securely Connecting to VM Instances Google Security Whitepaper Using IAM Securely Configuring Imported Images Further reading
  • 43. Source: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis non erat sem Proprietary + Confidential #NABShow Questions?