Vendors are looking for ways to differentiate themselves in a crowded market, and organizations are looking for solutions that are cheaper, faster, and easier for their teams to deploy and manage. Service providers are now offering a “BYOC” option for their product, where the employees of the SaaS company install and manage the cloud infrastructure and software in your cloud environments. This can be enticing on both sides - enabling the vendor to focus on core product development, and freeing infrastructure teams from re-architecting and managing another tool in your stack. However, the risks introduced in this new paradigm are immediately clear - expanded cloud attack surface, granting elevated access to another entity, and redefining your posture on insider threat are just the beginning. Yet, for some organizations the tradeoff in control is well worth the operational and cost savings proposed by this model. We’ll cover how this new deployment option differs from existing well-established integration patterns and scenarios where this option can benefit your organization. Additionally, we will provide key considerations to keep in mind when evaluating this deployment option, and strategies for mitigating risk and maintaining security.
Many AWS cloud practitioners know that VPC Endpoints (VPCEs) are a best practice for securely accessing AWS and partner services privately within a VPC, but those who have worked with Interface VPCEs can tell you that their per-hour running costs can add up quickly. Thankfully, AWS provides a solution - a centralized access pattern for sharing Interface VPCEs and subscribing to those VPCEs from multiple VPCs. There is just one catch - with shared VPCEs come shared VPCE policies, traditionally limiting the specificity of such policies. Must least privilege be sacrificed to make the finance team happy? Not any longer! This session will cover how practitioners can shape their centralized VPCE policies to mimic functionality available in a distributed VPCE architecture.
We share Alloy's journey toward a self-service infrastructure model. The talk explores how small companies can balance rapid deployment with cost-efficiency, security, and operational benefits using Infrastructure as Code (IaC) and modern DevOps practices. It offers valuable strategies for implementing reusable infrastructure modules, deployment checks, and tools like pre-commit hooks and GitHub Actions, providing a roadmap for fintech companies aiming to empower their developers while maintaining robust security standards.