The Show Must Go On: Securing Netflix Studios At Scale

Netflix Technology Blog
13 min readadvanced
--
View Original

Overview

The article discusses Netflix's approach to enhancing security at scale through the development of Wall-E, a custom implementation of Zuul that integrates Single Sign-On (SSO) to streamline security processes while maintaining high security standards. It highlights the collaboration between Application Security and Cloud Gateway teams to create a more efficient and secure application deployment strategy.

What You'll Learn

1

How to integrate Single Sign-On with application security frameworks

2

Why productizing security capabilities can drive developer adoption

3

How to streamline security processes for rapid application deployment

Prerequisites & Requirements

  • Understanding of application security principles
  • Familiarity with Zuul and cloud gateway technologies(optional)

Key Questions Answered

How did Netflix improve application security while accelerating deployment?
Netflix improved application security by developing Wall-E, a custom Zuul implementation that integrates Single Sign-On for all requests, ensuring guaranteed authentication for services. This approach streamlined security processes and reduced the complexity of security checklists for developers.
What challenges did Netflix face in adopting Wall-E?
Netflix faced challenges such as the time-consuming setup of Wall-E for applications and the need to prioritize product goals over security improvements. Developers often preferred focusing on product work, which made it difficult to drive organic adoption of security enhancements.
What metrics indicate the success of Wall-E's adoption?
Wall-E now fronts over 350 applications and adds approximately three new production applications per week. Adoption metrics show that about two-thirds of recommended apps have chosen to adopt Wall-E, indicating significant success in improving security and deployment speed.
How does Wall-E enhance the developer experience?
Wall-E enhances the developer experience by automating the setup process, allowing developers to configure applications quickly with a version-controlled YAML file. This approach reduces setup time to under 10 minutes for typical applications, enabling faster deployment and iteration.

Key Statistics & Figures

Applications fronted by Wall-E
over 350 applications
Wall-E is currently supporting a growing number of applications, demonstrating its effectiveness in enhancing security.
New production applications added weekly
approximately 3 applications per week
This rate of adoption highlights the growing reliance on Wall-E for securing internet-facing applications.
Percentage of recommended apps adopting Wall-E
roughly ⅔
This statistic reflects the success of Wall-E in meeting security needs while aligning with developer productivity.

Technologies & Tools

Backend
Zuul
Used as the foundation for Wall-E, enabling routing and security features for applications.

Key Actionable Insights

1
Integrate Single Sign-On into your application architecture to enhance security effortlessly.
By making authentication a core architectural feature rather than an implementation detail, you can significantly reduce security risks and streamline the development process.
2
Adopt a productized approach to security capabilities to drive developer engagement.
Clearly defining the value proposition and automating processes can help ensure that developers prioritize security without sacrificing their product goals.
3
Utilize intent-based configurations to simplify application setup and enhance security.
By allowing developers to express their intent through a standardized format, you can automate many setup tasks, reducing friction and improving overall security posture.

Common Pitfalls

1
Underestimating the time and effort required for initial setup of security frameworks.
Many teams may prioritize product features over security, leading to delays in adopting essential security measures. It's crucial to streamline the onboarding process to encourage faster adoption.
2
Relying on manual processes for security configurations.
Manual configurations can lead to inconsistencies and increased risk. Automating these processes through standardized configurations can significantly enhance security and reduce errors.

Related Concepts

Application Security
Single Sign-on
Cloud Gateway Technologies
Microservices Architecture