AppSec USA 2017 has ended
Back To Schedule
Friday, September 22 • 9:00am - 9:45am
This Old App, a guide to renovating apps for the cloud

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Most businesses have at least one old clunker app kicking around, and the longer it has been around and more clunky it is, the more likely it is to be vital to your business (otherwise you’d have gotten rid of it, right?). So how do you approach getting an old clunker migrated to the cloud? Think you can put it off? You’ll probably discover that there is a compelling business reason to get it migrated lurking just around the corner that will force your hand. Whether it is as mundane as a data center consolidation effort, of as aspirational as a push to transform the business to be more agile and customer focused, the cloud has your app in its sights and will not rest until your app has made the leap.


There are a variety of approaches touted for app migration, from decomposition into micro-services, to blatant lift-and-shift, so how can you tell which migration pattern is most likely to succeed and meet business objectives? Much like approaching a renovation of an old house, how can you tell which apps are the ‘scrapers’ where refactoring might as well mean rewriting, and which ones ‘have good bones’ and might successfully make the transition without much more than basic updates? Cloud purists will promote a refactoring pattern where an apps decomposed into a collection of cloud-native micro-services. Others will promise that you can forklift the app into a cloud with almost no change. But do you understand the benefits and pitfalls of the various approaches? Is there a middle path?


Many questions arise, such as: Should the app be migrated to a public or private cloud? Would an IaaS or PaaS be a better fit? Can it be outsourced to a SaaS, essentially replacing the app with a cloud native offering and avoiding migration of the app itself? What are the security implications of each app migration pattern combined with the target cloud environment? Does my legacy app have inherent design assumptions that conflict with the design assumptions of the target cloud environment? Are there the necessary supporting organizational capabilities (DevOps, Agile, DevSecOps, Test Driven Design, etc.), and technologies (continuous integration/continuous deployment, configuration management automation, etc.) to support cloud migration success?


This presentation will explore these topics and more to provide a roadmap to making both good security decisions and good decisions overall in planning your app’s migration to the cloud.

avatar for Christian Price

Christian Price

Christian Price has over a decade of experience in various information security domains and is passionate about transforming how security teams contribute value and unlock innovation. He is currently a cloud security architect, has led 2-pizza teams to develop security services for... Read More →
avatar for Chris Wells

Chris Wells

Chris Wells has deployed security solutions for major healthcare, online retail, telecommunication, and financial industries. He is an accomplished application security architect with over 15 years of application security experience. Chris holds multiple security certifications including... Read More →

Friday September 22, 2017 9:00am - 9:45am EDT
Fiesta 6