How a 0-day event galvanized a developer-led security mindset at DISH (AIM237)

Title

AWS re:Invent 2023 - How a 0-day event galvanized a developer-led security mindset at DISH (AIM237)

Summary

  • Jim Armstrong from Snyk and Joe Farino from DISH Network discuss DISH's transformation in handling zero-day and application security events using Snyk.
  • DISH Network is known for satellite TV but also operates Sling, a cloud-native 5G mobile network, retail wireless brands, and smart home services.
  • DISH has a large development team with over 3,000 contributors deploying hundreds of applications with no centralized control, which creates challenges for security.
  • DISH's applications are deployed on-prem, in hybrid setups, and in the cloud, with a shift toward more cloud-based deployments as those have proved successful.
  • The Log4Shell event was a wake-up call for DISH, leading to the rapid adoption of Snyk for vulnerability management.
  • Snyk's developer security platform integrates with AWS services and provides real-time feedback to developers, helping to prevent security issues.
  • DISH uses a risk-based approach to roll out Snyk, focusing on the most critical applications first.
  • The adoption of Snyk led to a significant reduction in preventable vulnerabilities and improved the security posture of DISH's applications.
  • DISH aims to expand Snyk coverage to all developers, integrate infrastructure as code protection, and improve patching cadence and DevOps tool security.
  • The key benefits of using Snyk at DISH include shared responsibility for security, real-time feedback for developers, and a reduction in overall defects.
  • DISH's ideal state of DevSecOps includes full developer coverage with Snyk, a focus on prevention, and a responsive approach to non-preventable vulnerabilities.

Insights

  • DISH's decentralized development environment posed a significant challenge for security, highlighting the importance of integrating security into the developer workflow.
  • The Log4Shell incident served as a catalyst for DISH to reevaluate its security practices and adopt a more proactive approach with Snyk.
  • The integration of Snyk into DISH's development process demonstrates the effectiveness of "shift left" security practices, where security is considered early in the development lifecycle.
  • DISH's risk-based approach to implementing Snyk underscores the importance of prioritizing security efforts based on the criticality of applications and data.
  • The success of Snyk at DISH illustrates the value of providing developers with tools that offer wide language coverage, IDE plugins, and easy maintenance.
  • The reduction in preventable vulnerabilities at DISH after adopting Snyk indicates that empowering developers with the right tools can lead to a more secure development process.
  • DISH's future focus on infrastructure as code protection and patching cadence suggests a comprehensive approach to security that extends beyond just application code.
  • The collaboration between DISH and Snyk, and the integration with AWS services, exemplifies the benefits of partnerships in enhancing cloud security.
  • The presentation highlights the ongoing journey of security integration within DISH, emphasizing continuous improvement and the need for clear communication and collaboration across teams.