GoDaddy: Empowering Agility with Zero-Trust Environment Best Practices

Published 21 June 2022, 17:23
Learn from GoDaddy's Director of Information Security about best practices for enabling agility in a zero-trust environment. Security is in GoDaddy's DNA, and to enable it they practice a zero-trust architecture. GoDaddy took the approach that every org is separated and isolated: dev accounts are isolated by account boundary, and every account is set up with its own VPC with isolated subnets and private IPs. GoDaddy also rotates nodes daily with updated Golden AMIs, from individual EC2 instances up to whole EKS clusters. Because the Golden AMI images are updated and rotated frequently, GoDaddy never has to patch.

GoDaddy built an OSS tool that runs configuration scans and also scans for GoDaddy standards. Another way they stop horizontal (lateral) movement within the group is by not allowing VPC peering; accounts talk to each other via NAT Gateway. This lets them quickly isolate an account to reduce the blast radius if that account were compromised.

GoDaddy governs account creation through its Cloud Portal, which performs a Cloud Readiness Review checking whether the application follows best practices and standards. Once approved, the application team is onboarded through the portal and a baseline environment is created from security-approved CloudFormation templates. This automation makes it easier for GoDaddy to spin up a new account, in an isolated fashion, with best practices and security built in.
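As an added illustration (not GoDaddy's OSS tool or any AWS API), here is a standards scan of the kind described above, run over a constructed account inventory: it flags active VPC peering connections, subnets that hand out public IPs, and instances not running a fresh Golden AMI (the inventory shape, AMI ids and one-day rotation window are assumptions).

```python
"""Standards scan over a constructed cloud account inventory (hypothetical data)."""
from datetime import datetime, timedelta, timezone

# Constructed "now" and Golden AMI build times; ids are placeholders, not real AMIs.
NOW = datetime(2022, 6, 21, 17, 23, tzinfo=timezone.utc)
GOLDEN_AMIS = {
    "ami-golden-0621": NOW - timedelta(hours=6),   # rotated today
    "ami-golden-0614": NOW - timedelta(days=7),    # a week old
}

# Constructed inventory for one account, as a scanner might collect it.
INVENTORY = {
    "vpc_peering_connections": [{"id": "pcx-0001", "status": "active"}],
    "subnets": [
        {"id": "subnet-a", "map_public_ip_on_launch": False},
        {"id": "subnet-b", "map_public_ip_on_launch": True},
    ],
    "instances": [
        {"id": "i-1", "image_id": "ami-golden-0621"},
        {"id": "i-2", "image_id": "ami-golden-0614"},
        {"id": "i-3", "image_id": "ami-unknown"},
    ],
}


def scan(inventory, golden_amis, now=NOW, max_age=timedelta(days=1)):
    """Return (rule, resource_id) findings for each standard violated."""
    findings = []
    # Standard: no VPC peering; accounts talk only via NAT Gateway.
    for pcx in inventory.get("vpc_peering_connections", []):
        if pcx["status"] != "deleted":
            findings.append(("NO_VPC_PEERING", pcx["id"]))
    # Standard: isolated subnets with private IPs only.
    for subnet in inventory.get("subnets", []):
        if subnet["map_public_ip_on_launch"]:
            findings.append(("PRIVATE_SUBNETS_ONLY", subnet["id"]))
    # Standard: nodes run a Golden AMI rotated within the last day.
    for inst in inventory.get("instances", []):
        built = golden_amis.get(inst["image_id"])
        if built is None:
            findings.append(("NOT_GOLDEN_AMI", inst["id"]))
        elif now - built > max_age:
            findings.append(("STALE_GOLDEN_AMI", inst["id"]))
    return findings


if __name__ == "__main__":
    for rule, resource in scan(INVENTORY, GOLDEN_AMIS):
        print(f"{rule}: {resource}")
```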

Check out more resources for architecting in the #AWS cloud:
amzn.to/2ZIbygO

#AWS #AmazonWebServices #CloudComputing #ThisIsMyArchitecture