Preparing for Systems of Record in the Cloud

Description
This session will focus on the strategy, the technology, and the review process that customers use to move their most important systems to the cloud. nib Group will discuss their preparations to move a system of record to AWS, with a specific focus on the platform built to meet their security, risk, and resiliency requirements. In this session, learn about what they did, lessons learned, and tips on how you could do the same. Presenters: Wayne Bozza, Head of Cybersecurity, and Mathew Finch, Head of Emerging Tech, nib Health Funds
Transcript
  • 1. PUBLIC SECTOR SUMMIT Canberra, ACT
  • 2. ANNUAL GENERAL MEETING 2018 Preparing for Systems of Record in the Cloud nib Group AWS Public Sector Summit Canberra Mathew Finch Wayne Bozza
  • 4. OUR PURPOSE: YOUR BETTER HEALTH Protecting our members against the financial risk of disease, sickness and injury Access to world-class healthcare wherever members are in the world Helping members better prevent, manage and treat illness
  • 5. Cloud & Data Platforms Secure – Elastic – Resilient Modern Digital Experience Web – Mobile – API Next Gen Core System CRM – Modular – Capability
  • 6. OUR CLOUD VISION Agility & Innovation Culture Experimentation Platform Improved Cyber & Risk Increased Resiliency Reduced Operating Costs Common Group Platform
  • 7. TRANSITION APPROACH Oct 2015 Proof of Concept; Dec 2015 Board Sign Off; Apr 2016 First Production Release; May 2017 PCI Certified Platform; Aug 2017 100 Apps Live; Oct 2017 nibby Chatbot Goes Live; Feb 2018 Exploring Core System Transition; Dec 2018 200 Apps Live; May 2019 Amazon Connect & Amazon WorkSpaces
  • 8. nib RISK CULTURE “The bigger the brakes, the faster the car…”
  • 9. REGULATORY CONTEXT Local & Global Regulators Overlap with Compliance Requirements Constantly Evolving
  • 10. REFERENCES APRA Cloud Computing Information Paper AWS Well-Architected Framework
  • 11. CORE SYSTEM TRANSITION… Iterations
  • 12. DEEP DIVE
  • 13. KEY AREAS 1 Strategy 2 Operating Model 3 Procurement 4 Project Delivery 5 Governance 6 Solution Architecture 7 Security 8 Resiliency 9 Risk Management 10 Assurance
  • 14. Cloud Specific Operating Model Changes
  • 15. Platform Functional Overview
  • 16. RED QUEEN PLATFORM TECHNOLOGY Multi-AZ Design Secure Bastions Antivirus Automated Patching CIS Hardened Images Account Separation Amazon RDS Automation Automated DR Tests Application Routers Secrets Management Network Segmentation Continuous Delivery Speed Safety
  • 17. Foundations & Patterns
  • 18. POLICIES AS CODE Policies Standards Codified Patterns Workloads Governance
  • 19. PATTERNS Features Infrastructure Web/API Extreme Encryption at Rest & Transit Hardened SOE & Vulnerability Management Automatic High Availability Least Privilege Admin Access Automated Patching Out of Band Point in Time Backup + Recovery Restricted Approved Services Contingency Plan Continuously Tested
  • 20. RQP GOVERNANCE
  • 21. Security
  • 22. SECURITY OPERATIONS Identify Protect Detect Respond Recover Investigate AWS CloudTrail AWS Config AWS Systems Manager AWS CloudWatch AWS Lambda Amazon GuardDuty AWS CloudTrail AWS CloudWatch IAM AWS KMS AWS Secrets Manager Amazon VPC Identify Protect Detect Respond Recover
  • 23. PRIVILEGED ACCESS MANAGEMENT – “BREAK GLASS” IAM AWS CloudTrail AWS CloudWatch Bastion AWS Systems Manager Security Group Production Amazon EC2 Instance AWS Step Functions Amazon SES Amazon API Gateway AWS Lambda AWS Lambda Run Command AWS KMS Step Functions Timer Unique Encrypted Credentials
  • 24. Availability
  • 25. AVAILABILITY ARCHITECTURE AZ 1 AZ 2 AZ 3 Health Checks Auto Scaling Immutable Infrastructure Stateless Compute Micro-segmentation Withstand Loss of AZ Public Private Private Auto Scaling group ELB Master/Slave DB
  • 26. AVAILABILITY – PEOPLE & PROCESS Monitor Detect Action / Alert Track Detection is automatic Standard availability patterns with health checks and monitoring Developers define additional logs and events to monitor Autoscaling is automatic Incidents are tracked & Post Incident Reviews held with relevant stakeholders On call engineer paged if service does not self heal Notifications posted to DevOps and Developers Availability incidents and trends are reviewed in governance forums
  • 27. AVAILABILITY TESTING – “GORILLA” AZ 1 AZ 2 AZ 3 Public Private Private Auto Scaling group ELB Master/Slave DB
  • 28. Recovery
  • 29. CODIFIED BACKUP POLICIES Amazon S3 & Amazon RDS Codified policies Application Specific Point in Time Retention Aligned to BCP MFA Delete & Versions Segregation Between Accounts Ephemeral assets Transient assets Amazon RDS Instance level backup Bunker account
  • 30. RECOVERY Recovery Server Application Server Database Server Backups Bucket Bunker Storage Mirror Recovered DB X Alternate Hosting Provider Disruption Scenarios: Collusion Between Parties Compromised Credentials Software Errors Replication Issues Failed Deployment
  • 31. CONTINGENCY Risk Tiering Contingency for Material Services Establish Alternate Service Provider Portability Designs Commercial Exit Clauses
  • 32. INSIGHTS
  • 38. Key Takeaways… So Far: Your journey is context specific – there's no silver bullet; Be ready for ongoing dialogue; Use multiple frameworks and partners; Your cloud journey is not just technical; Remember the people – culture, new skills, new roles, training; Get started now!