This Old App, a guide to renovating apps for the cloud

Presented at AppSec USA 2017, Sept. 22, 2017, 9 a.m. (45 minutes)

Most businesses have at least one old clunker app kicking around, and the longer it has been around and the clunkier it is, the more likely it is to be vital to your business (otherwise you'd have gotten rid of it, right?). So how do you approach getting an old clunker migrated to the cloud? Think you can put it off? You'll probably discover that a compelling business reason to migrate it is lurking just around the corner and will force your hand. Whether it is as mundane as a data center consolidation effort, or as aspirational as a push to transform the business to be more agile and customer focused, the cloud has your app in its sights and will not rest until your app has made the leap.

There are a variety of approaches touted for app migration, from decomposition into micro-services to blatant lift-and-shift, so how can you tell which migration pattern is most likely to succeed and meet business objectives? Much like approaching a renovation of an old house, how can you tell which apps are the 'scrapers', where refactoring might as well mean rewriting, and which ones 'have good bones' and might successfully make the transition without much more than basic updates? Cloud purists will promote a refactoring pattern where an app is decomposed into a collection of cloud-native micro-services. Others will promise that you can forklift the app into a cloud with almost no change. But do you understand the benefits and pitfalls of the various approaches? Is there a middle path?

Many questions arise, such as: Should the app be migrated to a public or private cloud? Would an IaaS or PaaS be a better fit? Can it be outsourced to a SaaS, essentially replacing the app with a cloud native offering and avoiding migration of the app itself? What are the security implications of each app migration pattern combined with the target cloud environment? Does my legacy app have inherent design assumptions that conflict with the design assumptions of the target cloud environment? Are the necessary supporting organizational capabilities (DevOps, Agile, DevSecOps, Test Driven Design, etc.) and technologies (continuous integration/continuous deployment, configuration management automation, etc.) in place to support cloud migration success?

This presentation will explore these topics and more to provide a roadmap to making both good security decisions and good decisions overall in planning your app's migration to the cloud.

Presenters:

  • Chris Wells
    Chris Wells has deployed security solutions for major healthcare, online retail, telecommunication, and financial industries. He is an accomplished application security architect with over 15 years of application security experience. Chris holds multiple security certifications including a Certified Information Security Systems Professional (CISSP), and holds a bachelor's degree from the University of Minnesota.
  • Christian Price
    Christian Price has over a decade of experience in various information security domains and is passionate about transforming how security teams contribute value and unlock innovation. He is currently a cloud security architect, has led 2-pizza teams to develop security services for a cloud security service catalog, and enjoys the disruptive nature of clouds because they force us to challenge convention and to innovate.