cloudcamp chicago nov 2104 fintech - john downey's "a hypothetical public cloud do...
TRANSCRIPT
"A Hypothetical Public Cloud Do Over" !
John Downey, Product Developer and Security Lead at Braintree !!Tweet: @jtdwney #cloudcamp
#cloudcamp @CloudCamp_CHI
Sponsored by
Hosted by
A HypotheticalPublic Cloud Do Over
1
2
Gateway
3
Why• Hypothetical exercise
• Fun to think about
• Most of this didn't exist when we started
4
Amazon Web Services• PCI Level 1 Service Provider
• Where our experience is
• A lot of movement happening
• Newer offerings
• Virtual Private Cloud (VPC)
• CloudHSM
5
Virtual Private Cloud (VPC)
6
7
8
Bank Connectivity• VPN hardware
• MPLS link
• Can't do with regular EC2 !
9
VPC• Replaces the network backing of AWS
• EC2
• RDS
• many others
• Allows greater control over IP addressing
10
Bridge AWS to real hardware!
11
Hardware Security Module
(HSM)
12
13
Security• Store keys in taper resistant way
• Acceleration for cryptographic operations
• Makes certain audits much easier
14
CloudHSM• Pricey
• $5,000 upfront for one
• $1,373 average per month
• You'll probably want at least two
15
Disaster Recovery
16
Disaster Recovery• Capacity planning can be hard
• Physical hardware has lead times
• Run Multi-region
17
Photos• https://flic.kr/p/8avArb• https://flic.kr/p/8eRC2
18