Well, if all that is changing, how is security handled in the Netflix environment? Jason Chan's presentation was eye-opening, to say the least. Chan has a long history in security. Before joining Netflix led the security team at VMware, so he knows whereof he speaks.

I found his perspective on security quite unusual for a "typical" security person. He led off by stressing that risk is the appropriate arbiter of what security practices should be implemented. Then he discussed how Netflix goes about implementing security. In light of Cockcroft's presentation, it seems appropriate that Netflix creates services to implement common security measures. Developers can self-service under this model, which keeps them productive while ensuring that what is implemented meets security requirements. And it should come as no surprise that there is a "security monkey" to validate security practices within Netflix services.

Chan went on to note that using a public cloud environment poses challenges to the traditional methods of implementing security, but that overall, Netflix does not feel it has compromised its security by using AWS. The specifics of how Netflix has achieved its security stance are contained in Chan's presentation, and reviewing it is well worth the time.