Guardrails and Paved Roads

In conversation with Jason Chan
AUTHOR
Travis McPeak, Co-founder & CEO
PUBLISH DATE
February 13, 2023

Cloud resources are complex! Engineers in cloud-first environments often struggle to provision simple cloud resources that meet their company’s standards, best practices, and requirements. Many organizations introduce central teams (i.e., Platform, DevOps) to help developers get cloud resources set up the way they need. Unfortunately, these teams quickly get buried in ops. There’s a lot of friction to what should be a quick process, but companies tolerate the ops load and slowness because it’s critical to get cloud resources configured correctly and securely from the beginning.

Data shows that misconfigurations are responsible for 90-99% of cloud security breaches. Today, the primary market focus within cloud security is on scanners, which reactively indicate when a misconfiguration is detected. The problem is that by the time you’re alerted to misconfigurations, it’s too late. You have to fix it with cloud vulnerability management, and as an industry, we’re just not good at it. 

In Netflix Information Security, we faced many of these problems, and the best solution was paved roads. Paved roads create a win-win, where developers get what they need quickly with self-service, and the central teams that support them avoid the ops load and ensure correct configurations from the beginning. Paved roads provide other benefits, including resource ownership attribution and safe change management.

In the video above, Jason Chan (former VP of Security at Netflix) discusses paved roads for security, where the concept originated, and how they were effective at Netflix. 

Watch Jason’s interview to learn:

  • Where the terms “paved road” and “guardrails” came from
  • How an open-source project, Lemur, created a win-win for developers and security
  • How to measure success for paved road projects
  • What kinds of problems lend themselves to paved road solutions
  • How and when to get started with paved roads as a security team

Ready to get started?

Set up a time to talk to our team to get started with Resourcely.

Get in touch

More posts

View all
November 13, 2024

Streamline AI Adoption

Build paved roads for deploying AWS Bedrock
November 11, 2024

Configuration perspectives: AWS S3

Best practices for configuring S3 using Terraform, while taking into account input from a variety of stakeholders
July 30, 2024

Guardrails: Scalable policies for cloud infrastructure

Safeguard the security and stability of your cloud

Talk to a Human

See Resourcely in action and learn how it can help you secure and manage your cloud infrastructure today!