CIOApplications
Designing and Building Application Security and Layering it on top of AWS

By Colin Bodell, CTO & EVP, Time Inc

Before joining Time Inc. as CTO in February 2014, I worked at Amazon for eight years running the Website Application Platform team that included the technology that drives all Amazon Websites. During my time there, I led the team that successfully moved Amazon websites in North America and Europe to Amazon Web Services (AWS). I consider that project highly successful, driving significant cost savings, delivering previously unheard of agility that enabled us to react to traffic spikes and providing valuable feedback to our AWS colleagues to inform how AWS was, and will be, consumed within the enterprise.

Now at Time Inc., the world’s leading magazine publisher, I’m taking my eight years of experience working with cloud-based infrastructure and moving all global Time Inc. websites, mobile technology and IT infrastructure to Amazon Web Services (AWS).

Time Inc’s compute, storage and network infrastructure is run from company-owned and operated data centers and co-location facilities worldwide. I kicked off the Time Inc. “Move to the Cloud” (MTC) initiative in April 2014 with the goal of building a cloud-based infrastructure and migrating all of our digital and enterprise applications to the cloud. Moving to a cloud-based infrastructure will significantly reduce our costs while dramatically improving time-to-deploy. I want Time Inc. out of the data center business and laser-focused on our core media-centric competencies.

The forecast we developed shows that cloud-based infrastructure costs will be ~45 percent less than equivalent services hosted in dedicated and co-location facilities. The process for bringing new hardware online in our data centers can take up to three months to specify, order, receive, rack and commission; cloud-based hardware instances can be spun up in as little as 5 minutes.

In preparing for the move to the cloud, we assembled a cross-functional team representing Infrastructure, Information Security, Website Operations and Website and Mobile application owners to collaborate on the program. This team completed the design of the cloud architecture, developed enterprise cloud standards and governance procedures and built a cloud-based infrastructure to host customer-facing and back-office applications. A key area in the preparation was solving for the challenge of designing and building application security and layering it on top of AWS. The effective management of information security risk is a crucial part of our business objectives. As new technologies such as cloud-based infrastructure emerge, it is the responsibility of our Technology & Product Engineering team to ensure that information security and risks are appropriately and sufficiently addressed.

Amazon is responsible for ensuring its AWS architecture and infrastructure are secure, but the application security layer within AWS is the responsibility of the organization using the service. AWS provides a foundational security infrastructure to protect its shared system and resource platform, essentially PaaS (e.g. high availability, scalability and efficiency). The security controls provided by AWS are reactive in nature. If a customer deploys its applications using default AWS services, there are very limited application security controls in place. Companies take for granted perimeter security in a traditional infrastructure. In an AWS environment, security incident prevention, detection and monitoring are absent in a default setup. This is just a small piece of a full secure framework and a fully protected resource. It is the sole responsibility of the AWS customer (in this case, Time Inc.) to ensure its resources are protected at every layer.

We refused to take any risk when migrating our systems to the cloud without first understanding the gaps between traditional security and cloud-based infrastructure security. Our Information Security team performed a full gap assessment and quickly came to the understanding that it is not just a simple one-for-one migration. For example, AWS does not have a conventional firewall or Intrusion Detection System due to the nature of the shared platform. Instead it offers “security groups” and basic logging, neither of which is sufficient for us.

Our Information Security team identified the following gaps in a traditional AWS deployment:
1. Firewalls and Logging
2. Intrusion Detection Systems
3. Intrusion Prevention Systems
4. Denial Of Service mitigation
5. Vulnerability and Event Management
6. Control of Identity and Access Management
7. Data Loss Prevention (DLP)

We mitigated these gaps by modeling our managed security service to the unique risks of the cloud. These included implementing the following:
1. Host-based monitoring and threat detection
2. Host-based log management
3. Web Application Firewalls
4. Vulnerability scanning tools deployed in the cloud

We encountered a significant challenge in the availability and selection of third-party consulting organizations with experience in architecting and deploying application security systems on AWS. The ones we identified were invariably much more expensive than prior experience would indicate as appropriate. We identified Control Group, who proved to have the necessary expertise with the design of secure AWS deployment mechanisms and the development of security standards. The security standards delivered by New York-based Control Group laid the foundation for our full application security framework. Additionally, AlertLogic was leveraged to fill in some of the gaps that existed with monitoring and detection. We employed several other vendors and best-in-breed security tools to round out the entire security framework.

By modeling its managed security service, we were able to successfully put in place the security incident prevention, detection and monitoring required to create a full secure framework and a fully protected resource. As of October 2014, all of our UK sites execute on AWS, their primary cloud hosting provider, as well as about a third of the US sites. The Time Inc. Move to the Cloud project will be completed in 2015, significantly reducing our costs while delivering greater flexibility – all to the benefit of our customers and our business.

Copyright © 2019 CIOApplications. All rights reserved.