Running on Amazon EKS – How Greenlight Gets Security Right

0 likes•146 views

The document outlines Greenlight's journey as a financial technology company focused on teaching children money management, showcasing their growth and accomplishments since 2014. It addresses their transition to a microservices architecture and highlights security as a shared responsibility in service deployments. Additionally, the document discusses tools and practices related to Kubernetes and suggests further resources for improving security and compliance.

Technology

Greenlight & StackRox
Our Technical Journey

GREENLIGHT FINANCIAL TECHNOLOGY, INC
PROPRIETARY & CONFIDENTIAL.
EARN
SAVE
SPEND
GIVE
Who we are
Greenlight Helps
Parents Raise
Financially Smart Kids!
LEARN

They managed money. They saved.
$150+
MILLION MANAGED
$171
$161
$106
$66
19-22
15-18
11-14
5-10
They earned.
1.8
MILLION
CHORES
They cared.
What Greenlight kids accomplished in 2019
2.6
MILLION
$
What kids saved for:
Cars
College
Computers
Airpods
Christmas
Average amount saved by
age group
Set aside to give in 2019
$912
$784
$355
$164
19-22
15-18
11-14
5-10
Average amount managed
by age group

GREENLIGHT FINANCIAL TECHNOLOGY, INC
PROPRIETARY & CONFIDENTIAL.
How we got here
Greenlight Founded
New features and start shift to microservices
Greenlight 2.0
2014
2017
2018
2019 Focus on partner platform and microservice maturity
Platform for Partners
First Product to Market

GREENLIGHT FINANCIAL TECHNOLOGY, INC
PROPRIETARY & CONFIDENTIAL.
Greenlight growth and technology timeline
2018 2019 2020
Started down the path deﬁning the GL platform
Started to get some scale with our microservices strategy
Additional compliance and security requests from partner offering
IncreasingImpact
ofvulnerabilities

GREENLIGHT FINANCIAL TECHNOLOGY, INC
PROPRIETARY & CONFIDENTIAL.
Greenlight application context
Payment
Processing
GL
Business
Logic
Vendor
Logic
Greenlight Data
Consumer
Apps
Customer
Service
App
Partner &
Vendor
Interfaces
Greenlight Backend
Application Code

GREENLIGHT FINANCIAL TECHNOLOGY, INC
PROPRIETARY & CONFIDENTIAL.
Tenant 1
Tenant 2
Greenlight deployment strategy

GREENLIGHT FINANCIAL TECHNOLOGY, INC
PROPRIETARY & CONFIDENTIAL.
Managed service vs managed expectations
IaaS PaaS SaaS
Security?
Managed by vendor Managed by you

GREENLIGHT FINANCIAL TECHNOLOGY, INC
PROPRIETARY & CONFIDENTIAL.
Summary
What we learned
- Managed service != SaaS
- Security is a shared responsibility
- Chose tools that ﬁt need and strategy
What we like about StackRox
- Aligned with deployment strategy
- Aligned with organizational strategy

13©2019 StackRox. All rights reserved.
So … how do we make all this a bit easier?

14©2019 StackRox. All rights reserved.
Multi-factor risk proﬁling vs.
list of vulnerabilities
• test vs. prod
• running as root
• exposed to the Internet
• suspicious processes
Leverage Kubernetes context to prioritize risk

15©2019 StackRox. All rights reserved.
Line-for-line details on which
controls are relevant to
containers and Kubernetes
Dashboard-level overview to
zero in on non-compliant
controls
Export detailed Excel of each
individual control test to meet
auditors’ demands
At-a-glance view of compliance

16©2019 StackRox. All rights reserved.
Leverage k8s network policies
for segmentation
• See active vs. allowed
paths
• Auto generate updated
YAML
• Apply directly or via
DevOps processes
Automatically reduce the blast radius

17©2019 StackRox. All rights reserved.
Next Steps
• Learn more about Greenlight!
• Check StackRox technical blog content
• EKS security best practices
• Kube conﬁg best practices
• How EKS vs. AKS vs. GKE stack up
• Highlights of latest Kube/Istio releases
• See Kube-native controls in action
• Request an online demo

More Related Content

PDF

2019 Accelerate State of DevOps Survey Results Are InDevOps.com

PDF

Extending Jenkins to the Mainframe. A Simpler Approach.DevOps.com

PDF

Using GitHub and Visual Studio Code for Mainframe DevelopmentDevOps.com

PDF

Transforming CI/CD at ABN AMRO to Accelerate Software Delivery and Improve Se...DevOps.com

PDF

Mainframe APIs and Modern DevOpsDevOps.com

PDF

Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com

PDF

Measure Customer Value with Self-Service ObservabilityDevOps.com

PDF

Zero to 1000+ Applications - Large Scale CD Adoption at Cisco with Spinnaker ...DevOps.com

2019 Accelerate State of DevOps Survey Results Are InDevOps.com

Extending Jenkins to the Mainframe. A Simpler Approach.DevOps.com

Using GitHub and Visual Studio Code for Mainframe DevelopmentDevOps.com

Transforming CI/CD at ABN AMRO to Accelerate Software Delivery and Improve Se...DevOps.com

Mainframe APIs and Modern DevOpsDevOps.com

Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com

Measure Customer Value with Self-Service ObservabilityDevOps.com

Zero to 1000+ Applications - Large Scale CD Adoption at Cisco with Spinnaker ...DevOps.com

What's hot (20)

PPTX

Automate and Enhance Application Security AnalysisCarlos Andrés García

PDF

Deliver your App Anywhere … Publicly or PrivatelyDevOps.com

PDF

Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleDevOps.com

PDF

Pentest as a Service Impact 2020DevOps.com

PDF

XebiaLabs Overview SlidesXebiaLabs

PDF

Using Collaboration to Make Application Vulnerability Management a Team SportDenim Group

PDF

DevOps in the Real World: Know What it Takes to Make it WorkVMware Tanzu

PDF

Jesse Pulfer Pivotal Overview June 2018VMware Tanzu

PPTX

End to-End Monitoring for ITSM and DevOpseG Innovations

PPTX

Accelerate DevOps Transformation with App Migration to the CloudXebiaLabs

PDF

Dependency Health: Removing the Barriers to Keeping Projects in ShapeDevOps.com

PDF

Building an Adoption Plan: Turning it on(Part 2 of 2)Cisco Canada

PDF

Cloud Native Batch Processing: Beyond the What and HowVMware Tanzu

PPTX

Building a Bridge Between CI/CD and ITSMXebiaLabs

PPTX

Delivering Java Applications? Ensure Top Performance Every Time, with Intell...John Williams

PDF

Managing Citrix Digital Business Services Performance - Make your first Impre...eG Innovations

PPTX

2018 Citrix Migration Survey - Industry InsightseG Innovations

PPTX

Gartner EA Architecting for DevOps and Hybrid CloudRosalind Radcliffe

PDF

The Reality of Managing Microservices in Your CD PipelineDevOps.com

PPTX

DevOps Hits Adolescence – what’s next?XebiaLabs

Automate and Enhance Application Security AnalysisCarlos Andrés García

Deliver your App Anywhere … Publicly or PrivatelyDevOps.com

Securing Red Hat OpenShift Containerized Applications At Enterprise ScaleDevOps.com

Pentest as a Service Impact 2020DevOps.com

XebiaLabs Overview SlidesXebiaLabs

Using Collaboration to Make Application Vulnerability Management a Team SportDenim Group

DevOps in the Real World: Know What it Takes to Make it WorkVMware Tanzu

Jesse Pulfer Pivotal Overview June 2018VMware Tanzu

End to-End Monitoring for ITSM and DevOpseG Innovations

Accelerate DevOps Transformation with App Migration to the CloudXebiaLabs

Dependency Health: Removing the Barriers to Keeping Projects in ShapeDevOps.com

Building an Adoption Plan: Turning it on(Part 2 of 2)Cisco Canada

Cloud Native Batch Processing: Beyond the What and HowVMware Tanzu

Building a Bridge Between CI/CD and ITSMXebiaLabs

Delivering Java Applications? Ensure Top Performance Every Time, with Intell...John Williams

Managing Citrix Digital Business Services Performance - Make your first Impre...eG Innovations

2018 Citrix Migration Survey - Industry InsightseG Innovations

Gartner EA Architecting for DevOps and Hybrid CloudRosalind Radcliffe

The Reality of Managing Microservices in Your CD PipelineDevOps.com

DevOps Hits Adolescence – what’s next?XebiaLabs

Similar to Running on Amazon EKS – How Greenlight Gets Security Right (20)

PDF

Hacking Kubernetes Threat Driven Analysis and Defense 1st Edition Andrew Martinnoniqclarah

PPTX

10 tips for Cloud Native SecurityKarthik Gaekwad

PPTX

KubeSecOpsKarthik Gaekwad

PDF

Immediate download Kubernetes Best Practices 1st Edition Brendan Burns ebooks...seinersofhia

PDF

Kube Security Shifting left | Scanners & OPAHaggai Philip Zagury

PPTX

Kubernetes SecurityKarthik Gaekwad

PDF

Kubernetes Best Practices 1st Edition Brendan Burns Eddie Villalbaduukkoofi65

PPTX

DevSecOps in a cloudnative worldKarthik Gaekwad

PPTX

Application security meetup k8_s security with zero trust_29072021lior mazor

PDF

KubeCon 2019 Recap (Parts 1-3)Ford Prior

PPTX

ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...AWS User Group Kochi

PPTX

Practical Approaches to Cloud Native SecurityKarthik Gaekwad

PDF

Kubernetes Up Running Dive Into The Future Of Infrastructure Third Edition 3r...luvoszugrav

PDF

Production Kubernetes: Building Successful Application Platforms 1st Edition ...isleymonwuka

PDF

From Monoliths to Services: Paying Your Technical DebtTechWell

PDF

Kubernetes 201: Taking your Managed Kubernetes service to the next levelOVHcloud

PDF

Prioritizing Complexities of Enterprise Kubernetes.pdfKedarnath76

PDF

Kubernetes Operators 1st Edition Jason Dobiesovqkhmh6764

PDF

Managing Kubernetes operating Kubernetes clusters in the real world First Edi...jayedmonotbp

PPTX

Security and Observability of Application Traffic in KubernetesAkshay Mathur

Hacking Kubernetes Threat Driven Analysis and Defense 1st Edition Andrew Martinnoniqclarah

10 tips for Cloud Native SecurityKarthik Gaekwad

KubeSecOpsKarthik Gaekwad

Immediate download Kubernetes Best Practices 1st Edition Brendan Burns ebooks...seinersofhia

Kube Security Shifting left | Scanners & OPAHaggai Philip Zagury

Kubernetes SecurityKarthik Gaekwad

Kubernetes Best Practices 1st Edition Brendan Burns Eddie Villalbaduukkoofi65

DevSecOps in a cloudnative worldKarthik Gaekwad

Application security meetup k8_s security with zero trust_29072021lior mazor

KubeCon 2019 Recap (Parts 1-3)Ford Prior

ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...AWS User Group Kochi

Practical Approaches to Cloud Native SecurityKarthik Gaekwad

Kubernetes Up Running Dive Into The Future Of Infrastructure Third Edition 3r...luvoszugrav

Production Kubernetes: Building Successful Application Platforms 1st Edition ...isleymonwuka

From Monoliths to Services: Paying Your Technical DebtTechWell

Kubernetes 201: Taking your Managed Kubernetes service to the next levelOVHcloud

Prioritizing Complexities of Enterprise Kubernetes.pdfKedarnath76

Kubernetes Operators 1st Edition Jason Dobiesovqkhmh6764

Managing Kubernetes operating Kubernetes clusters in the real world First Edi...jayedmonotbp

Security and Observability of Application Traffic in KubernetesAkshay Mathur

More from DevOps.com (20)

PPTX

Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com

PPTX

Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com

PDF

Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com

PPTX

Vulnerability Discovery in the CloudDevOps.com

PDF

2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com

PDF

A New Year’s Ransomware ResolutionDevOps.com

PPTX

Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com

PDF

Don't Panic! Effective Incident ResponseDevOps.com

PDF

Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com

PDF

Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com

PDF

Monitoring Serverless Applications with DatadogDevOps.com

PPTX

Securing medical apps in the age of covid finalDevOps.com

PDF

How to Build a Healthy On-Call CultureDevOps.com

PPTX

The Evolving Role of the Developer in 2021DevOps.com

PDF

Service Mesh: Two Big Words But Do You Need It?DevOps.com

PPTX

Secure Data Sharing in OpenShift EnvironmentsDevOps.com

PPTX

How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com

PDF

Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com

PDF

Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...DevOps.com

PDF

How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...DevOps.com

Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com

Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com

Vulnerability Discovery in the CloudDevOps.com

2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com

A New Year’s Ransomware ResolutionDevOps.com

Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com

Don't Panic! Effective Incident ResponseDevOps.com

Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com

Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com

Monitoring Serverless Applications with DatadogDevOps.com

Securing medical apps in the age of covid finalDevOps.com

How to Build a Healthy On-Call CultureDevOps.com

The Evolving Role of the Developer in 2021DevOps.com

Service Mesh: Two Big Words But Do You Need It?DevOps.com

Secure Data Sharing in OpenShift EnvironmentsDevOps.com

How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com

Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com

Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...DevOps.com

How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...DevOps.com

Recently uploaded (20)

PDF

Trying to figure out MCP by actually building an app from scratch with open s...Julien SIMON

PDF

CIFDAQ's Market Wrap : Bears Back in Control?CIFDAQ

PDF

How ETL Control Logic Keeps Your Pipelines Safe and Reliable.pdfStryv Solutions Pvt. Ltd.

PDF

Using Anchore and DefectDojo to Stand Up Your DevSecOps FunctionAnchore

PDF

Make GenAI investments go further with the Dell AI FactoryPrincipled Technologies

PPTX

IT Runs Better with ThousandEyes AI-driven AssuranceThousandEyes

PPTX

Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...AgileNetwork

PDF

Brief History of Internet - Early Days of Internetsutharharshit158

PDF

Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdfCA Suvidha Chaplot

PDF

Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...Sandesh Rao

PPTX

cloud computing vai.pptx for the projectvaibhavdobariyal79

PDF

Economic Impact of Data Centres to the Malaysian Economyflintglobalapac

PDF

Peak of Data & AI Encore - Real-Time Insights & Scalable Editing with ArcGISSafe Software

PDF

SparkLabs Primer on Artificial Intelligence 2025SparkLabs Group

PDF

AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdfArtjoker Software Development Company

PDF

MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdfNeo4j

PDF

Tea4chat - another LLM Project by Kerem Atama0m0rajab1

PPTX

Simple and concise overview about Quantum computing..pptxmughal641

PDF

NewMind AI Weekly Chronicles - July'25 - Week IVNewMind AI

PPTX

OA presentation.pptx OA presentation.pptxpateldhruv002338