Did Netflix Inadvertently Figure Out How to Better Secure the Cloud?

Netflix has long championed “chaos engineering” to ensure viewers’ “Stranger Things” binge-watching sessions are not interrupted. Netflix is one of a growing number of companies, including Nike, Amazon and Microsoft, that use chaos engineering to stress test their cloud infrastructures against a variety of unpredictable cloud events, such as a loss of cloud resources or entire regions. This has enabled them to create highly resilient infrastructure environments and ensure reliable application delivery.

This presentation by Senior Solutions Architect Ricardo Green will explain how these companies have also created a model that any organization can follow to improve the security of their cloud-based platforms.

The number one cause of cloud data breaches is infrastructure misconfiguration, whether due to human error, a lack of policy controls in CI/CD pipelines, or bad actors. Modern cloud threats use automation to find and exploit these misconfiguration vulnerabilities before traditional scan and alert tools can identify them. In order to become more proactive and prevent these threats from doing any damage, an organization needs to simulate real-world misconfigurations to identify security gaps before they are exploited.

Ricardo will examine the common cloud infrastructure misconfigurations that put data at risk and provide a live demonstration of how attackers exploit these vulnerabilities. He will also show how organizations can thwart those attacks by:

  • Deploying chaos engineering against their own test cloud environments
  • Measuring cloud security resilience using Mean Time to Remediation (MTTR)
  • Evaluating and using different tools to automatically remediate misconfiguration without human intervention
  • Identifying critical cloud resources in order to prioritize their security efforts
  • Building security collaboration between Security, Application Teams, and Operations

Attendees will learn how cloud security chaos engineering will ensure their cloud security efforts cover all critical cloud resources, such as network configuration, security group rules, identity and access management, and resource access policies; address all related policies, such as GDPR, HIPAA, NIST 800-53, PCI, CIS Benchmark, and internal enterprise security policies; and enable automatic recovery from all misconfiguration events.

Speaker

Ricardo Green

 
Ricardo Green is a cloud technology evangelist and senior solutions architect with Fugue. Prior to joining Fugue, he worked in the cloud business unit of a major telecommunications company serving as ...