Post on 12-Aug-2015
BUILDING SAAS FOR THE ENTERPRISE
Beau Christensen
Copyright © 2014 Ping Identity Corp. All rights reserved. 1
DEVOPS @PING
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 2
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 3
Security
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 4
Identity on the Perimeter
Embedding Identity into the internet.
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 5
http://www.deviantart.com/art/JJ-Enterprise-Cutaway-511151062
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 6
& Things will get easier.
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 7
Build a Change Process
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 8
Diversify your locations. Use the private cloud and public. Don’t put all your eggs in one basket.
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 9
Store Configuration Data Globally.
Store User Data Regionally.
Do not shard the application!
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 10
You will need to support old, shitty operating systems.
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 11
You NEED automated Security Scans, Secure Software Development Process, and yearly 3rd party audits of your software and infrastructure security.
DDoS WAF -> Firewall -> Identity -> Firewall -> WAF -> OS -> Analytics
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 12
Use active/active failover and the power of the public cloud to avoid a massive BCP or DR plan. It’s far more efficient &you don’t have to maintain moardocuments!
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 13
Public Uptime & Status
+(local!)
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 14
Gigantic, 172 page security questionnaires are a favorite.
Maintain a database of them, and makeit a repeatable process that even a salesguy could do.
WTF
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 15
They want access to you.(just be confident)
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 16
“The Big Game”
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 17
Don’t scale until you have to!
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 18
Befriend your legal people.
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 19
Confidential — do not distributeCopyright © 2014 Ping Identity Corp. All rights
reserved. 20
Worth it.