Back To Schedule
Friday, September 19 • 1:00pm - 1:45pm
Auto-Scaling Web Application Security in the Cloud

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Securing web applications has placed extreme demands on security professionals – in addition to understanding attack patterns and defense tactics, effectively protecting web apps requires some level of programming and database management expertise. With broad adoption of public clouds, this bar is rising once again. Today’s cloud enabled applications scale-up well beyond previous web applications. It is not unusual for cloud enabled web applications to have changing infrastructure footprint within minutes that scale to millions of users. This has placed a greater burden on securing these applications. How can you design auto-scaling security to match these rapidly scaling web applications? Older style web application defenses and security almost always fail. Additional web application security capacity added days or even weeks after the server farm has grown and began processing live transactions is not acceptable.

In this session the audience will learn several approaches to auto-scaling web application security, using practical examples built around Amazon Web Services. The audience will learn about:
• Common techniques and tools used to provide security for auto-scaling web applications including Chef/Puppet, CloudFormation, Elastic Load Balancer.
• Role of auto-scaling groups and common requirements for management APIs in automatically deploying web security infrastructure.
• Common scaling triggers and mechanics by which web application security infrastructure must scale to operate in lockstep with elastic web server farms.
• Impact Platform-as-a-Service (PaaS) services have on auto-scaling web application security and approaches to deploying application security controls embedded directly into web applications.
While this is a session primarily designed for an advanced audience with strong understanding of IP networking, web application security fundamentals and experience in managing security infrastructure in a public cloud environment, the information covered will also be of interest to intermediate attendees that set technology strategy and formulate requirements for cloud security controls.


Misha Govshteyn

VP of Technology Services, Alert Logic
Misha Govshteyn co-founded Alert Logic in 2002. Govshteyn is responsible for security strategy, security research and software development at Alert Logic. Prior to founding Alert Logic, Govshteyn served as a Director of Managed Services for Reliant Energy Communications. In this role... Read More →

Friday September 19, 2014 1:00pm - 1:45pm MDT
Colorado Ballroom E [Defenders] Denver Marriott City Center