cloudcamp chicago nov 2104 fintech - john downey's "a hypothetical public cloud do...

Post on 14-Jul-2015


TRANSCRIPT

"A Hypothetical Public Cloud Do Over"

John Downey, Product Developer and Security Lead at Braintree

Tweet: @jtdwney #cloudcamp

#cloudcamp @CloudCamp_CHI


A Hypothetical Public Cloud Do Over


Gateway


Why

• Hypothetical exercise

• Fun to think about

• Most of this didn't exist when we started


Amazon Web Services

• PCI Level 1 Service Provider

• Where our experience is

• A lot of movement happening

• Newer offerings

  • Virtual Private Cloud (VPC)

  • CloudHSM


Virtual Private Cloud (VPC)


Bank Connectivity

• VPN hardware

• MPLS link

• Can't do with regular EC2


VPC

• Replaces the network backing of AWS

  • EC2

  • RDS

  • many others

• Allows greater control over IP addressing


Bridge AWS to real hardware!


Hardware Security Module (HSM)


Security

• Store keys in a tamper-resistant way

• Acceleration for cryptographic operations

• Makes certain audits much easier


CloudHSM

• Pricey

• $5,000 upfront for one

• $1,373 average per month

• You'll probably want at least two


Disaster Recovery


Disaster Recovery

• Capacity planning can be hard

• Physical hardware has lead times

• Run Multi-region


Photos

• https://flic.kr/p/8avArb

• https://flic.kr/p/8eRC2
