Netflix today continued its tradition of sharing lessons it has learned from using Amazon’s cloud at a massive scale by releasing Security Monkey, a tool it has developed internally for monitoring the security of its cloud.
The move to release an open source version of Security Monkey follows a long line of Netflix releasing tools to the general public. It has released more than three dozen other features such as a fault tolerance testing mechanism named Chaos Monkey as well.
+MORE AT NETWORK WORLD: Why Netflix is one of the most important cloud computing companies | 7 Tips for protecting your AWS cloud +
Security Monkey works pretty simply, at least at a high-level. It monitors the AWS cloud looking for unusual behavior and it notifies appropriate personnel of any changes it finds. For example, AWS has controls in place that allow an administrator to set up the security policies on virtual machines and its storage services. If one of those security policies is changed, Security Monkey will identify it and report it. Security Monkey keeps a log of every change it finds.
AWS does provide some of these services itself. For example, last year AWS released a beta version of CloudTrail, which provides a log of all API (Application Programming Interface) calls made on a user’s account. This is raw data of all the actions taken, which can be helpful data, but CloudTrail data alone will not alert users. Instead, it’s more of an auditing log tool that is free.
For more detailed analysis, AWS has Trusted Advisor. This platform monitors many aspects of AWS usage, including resources optimization (are you running the best sized virtual machine instance type for your workload?) and ensuring that deployments follow AWS security best practices. These consulting services cost between $100 for a small business and up to a base-level of $15,000 for an enterprise. There is also a broad industry of third party security, monitoring and optimization tools available on the Amazon Marketplace.
Security Monkey is a free open source option. This new tool for Netflix would likely work well in organizations that are already using some of Netflix’s other Simian Army tools. Perhaps most famously, Netflix has Chaos Monkey and Chaos Gorilla, which are open source tools to test for fault tolerance. Chaos Monkey randomly shuts instances off to ensure systems are configured to handle downtime. Chaos Gorilla does the same on a larger scale, mimicking an availability zone outage in AWS’s cloud. Netflix also has Janitor Monkey, which searches for unused instances and shuts them down; and Latency Monkey which purposely creates delays in the system to test the system’s recovery process.
The broader point is that AWS’s IaaS platform provides base-level commodity infrastructure. It provides the virtual machines, the storage and databases. It’s up to customers to configure those systems and then ensure they are protected to whatever level they deem necessary. Netflix has proven that AWS’s cloud, even for some of its biggest users, requires quite a bit of tinkering and additional support. Now users can learn from that knowledge as well.