Insights from AWS re:Invent 2016

Amazon's annual AWS re:Invent took place last week in Las Vegas, and our cloud team was there to talk to participants and other industry professionals.  We had a booth where we offered demos of our AWS ready products, and we gave away prizes worth over $20,000.

Events like these are great learning environments, and our team members walked away with new ideas and fresh enthusiasm.  Here are some of key points that they brought with them when they returned to the office this morning:

Lior Gavish:  Vice President, Content Security Services

Access to data will be the key differentiator moving forward. The public cloud exposes unbelievable capabilities around machine learning, big data processing and infrastructure in general. Companies will no longer be limited by access to scarce data science, engineering and ops talent. Instead, access to valuable data and creativity in putting it to use will become their competitive advantage.

Security is increasingly about visibility and management at scale. In a public cloud environment, we no longer have to worry about protecting individual machines, networks or applications. There are extremely powerful tools to manage that. Increasingly, the challenge is around configuring, monitoring and enforcing policies for these tools at large scale.  Companies may need to quickly scale hundreds to thousands of resources across a web of loosely coupled services and applications.

Containers are mainstream, the future is serverless. Containers are rapidly becoming the standard way to develop and ship applications, and are already live in production for some of the most mainstream enterprises. The future is serverless, with more and more mature tools around it.

Tushar Richabadas:  Product Manager for the Barracuda Web Application Firewall 

Everyone needs a DDoS Solution, and now AWS offers it.  AWS’s in house DDoS solution was never really discussed publicly in much detail earlier. Most people knew that it existed and could help out, but this year, they have actually productized it. There are two parts to this. The first of course is AWS Shield. This is a paid service that deals with Volumetric DDoS attacks. The other is the ability to raise a case on their support center when you are under DDoS – if you aren’t a Shield customer. This gets routed to the Blackwatch team, who will help you deal with the DDoS.

Coming on the back of the record-breaking Mirai botnet DDoS attacks, this is a much needed feature that will reassure a lot of customers.

Application Security matters, and everyone is talking about it now. A lot of our conversations at re:Invent have been about the Barracuda Web Application Firewall. We see more and more customers wanting to trial the WAF and deploy it to protect their applications on AWS. Quite a few sessions focused on the AWS WAF as well, and were fully booked. An interesting number of customers were asking about how they could protect their AWS API Gateway deployments with the Barracuda Web Application Firewall.

Hybrid cloud security is a pain point.  A lot of previously skeptical organizations are consolidating and moving into the cloud. A significant part of the conversation for them is hybrid security and connectivity. On-prem security teams need to figure out how they will work with the cloud security teams to set up connectivity and security. Demarcs between the two need to be drawn up and the planning and setting up of these hybrid clouds is a significant effort for many organizations in the coming year.

Sanjay Ramnath:  Vice President, Security Products and Business Strategy 

Shared security is in the foreground.  Amazon reinforced their shared security message that “Amazon is responsible for the security of the cloud, the customer is responsible for the security of the workloads that are deployed in the cloud”. This amplifies the need for purpose built, easy to use third party security solutions. This is especially visible in the application security area as more customer move their applications to AWS. I was blown away by the number of WAF conversations we had, especially with small and medium businesses.

Infrastructure is more accessible.  AWS is driving the evolution from “Network Administration” to “Network Orchestration”. They want to make infrastructure accessible to the devops and builders by cutting out the middleman. AWS provides a very vast and rich set of tools for developers to automate their workflows. Third party solutions need to be fully integrated into the AWS fabric to make it easy for the “builders” to leverage all these capabilities.

“Hybrid” will stay for at least another 5 years.  Tushar is correct in his assessment of hybrid cloud security. The role of the firewall has evolved from a pure security solution to a network connectivity and traffic optimization solution that can span on-premises and cloud surfaces. Traditional firewall architectures are challenged by this. Barracuda is uniquely positioned to solve this problem.

Fleming Shi:  Senior Vice President, Advanced Technology Engineering

From AWS Platform perspective:

Infrastructure, Solved! Whatever needs you have, they have an instance type for you.  From Lightsail ($5/mo) to Hardware-Accelerated F1, they got everything you need.  Example: The new I3 type will be great for our C* cluster.  I think they have covered the entire spectrum of workload needs by now.

From Software Architecture & Development perspective:

AWS Native Services;  Amazon is aggressively driving native service adoption which leads to more efficient consumption of their platform while benefiting from their massive infrastructure.   Lift & Shift workloads is for the past, they recommend re-architect and re-write and leverage all the tools and elasticity of AWS;  Beyond Lambda, from Polly, Lex to Athena… they are adding these serverless, API based services in a very rapid pace.  

Micro-Services Architecture with Docker containers; While AWS is pushing native building blocks and constructs for the applications, many companies chose to use Dockerized containers to gain even better cost efficiency and portability within AWS.   As an extreme example, we see very successful applications running multiple homogenous containers on a single instance for cost/performance efficiency.  (Note: Great validation of what we have done with BRS, and we are leveraging the fact that our future Platform 4 supports Docker containers making it more universal in our product offerings.)

Self-servicing Engineering Teams;  Teams with limited resources are actively building, self-servicing very large scale applications in AWS.  One gaming company has 200+ Micro-Services and growing with only 8 engineers; The engineers are utilizing the AWS CI & CD tools with build, QA, deploy, monitoring and alert capabilities.  They claim to handle 100’s of mini-releases in a week. 

Security First; Developers using AWS platform should have security awareness from the very beginning.  They now offer native tools to harden your AWS resources against the published CIS AWS Foundations Framework which examines 40+ controls; and provide a report card.  I saw many companies building tools to audit Security Groups and IAM policies via AWS APIs.

As you can see, even our most experienced professionals walked away from AWS re:Invent with something new.

If you'd like to try any of our AWS solutions, visit our corporate site here.