GE Appliances first began using Amazon Web Services (AWS) in 2012, but its adoption pace was slow because of its parent company’s IT policies. “In 2016, after we were acquired by Haier, we adopted a policy of ‘cloud first’ for any new deployments, and in 2017 that became a ‘cloud only’ policy,” says Rafael Garrido, the DevSecOps leader at GE Appliances. “We are now operating more like a startup, taking advantage of cloud services as soon as it makes sense to do so, instead of having to submit approval requests and wade through red tape.”
GE Appliances has already moved a significant percentage of its existing workloads to the AWS Cloud, and all departments now use some AWS solutions. These changes helped the company become more flexible and agile—but they also posed challenges. One of the biggest was how to rethink IT security so it complemented, rather than hindered, the DevOps approach.
“As we moved to a culture where everybody codes and we are constantly deploying and iterating, we realized that security could no longer function in a traditional consulting or auditing role,” says Garrido. “It was obvious we needed to change how we worked if we wanted to integrate security from the beginning. We also wanted to automate more processes to make better use of our small security team.”
To accomplish these goals, GE Appliances needed tools that would provide real-time visibility into the company’s hybrid IT infrastructure, automate management tasks at scale, and detect security events before they became incidents.
GE Appliances has been steadily building out its use of AWS Management Tools and other AWS solutions since its 2016 acquisition by Haier. According to Garrido, making deeper and broader use of AWS services is the best way a company can integrate and support more effective collaboration among its teams. “Compared to all the competitors out there, AWS offers the best blend of tools for developers, security teams, and the business side,” he explains. “With AWS, developers can rapidly create and use CI/CD processes, security teams can easily maintain detailed audit trails and impose least-privilege policies, and business teams can quickly visualize and find value in company data. The AWS ecosystem also gives security teams much more control over and visibility into how all services are used.”
In 2016, the company started using AWS CloudTrail (CloudTrail) and AWS Config. CloudTrail records API calls and console sign-in events across the company's AWS accounts, giving GE Appliances an audit trail that simplifies compliance and risk auditing and feeds automated monitoring and alerting. AWS Config records the configuration history of each resource and evaluates it against Config rules that encode company-defined best practices, raising an alert when a resource drifts out of compliance.
More recently, the company started using Amazon EC2 Systems Manager (Systems Manager, now AWS Systems Manager) to manage a total of about 700 on-premises and Amazon Elastic Compute Cloud (Amazon EC2) server instances. By using Systems Manager features such as Inventory, Automation, and State Manager, GE Appliances IT staff can automate software-inventory collection, system-image creation, and the configuration of Windows and Linux operating systems. The Patch Manager and Maintenance Windows features of Systems Manager support automatic detection and deployment of needed patches for software and operating systems across instance groups of any size during pre-established, minimally disruptive time frames.
By using Systems Manager and other AWS Management Tools, GE Appliances has total visibility into its hybrid-cloud environment. “Before we had access to AWS tools, we had to do lots of configuration and process logging and then absorb everything into a centralized platform to understand security events after the fact,” says Garrido. “By using Amazon EC2 Systems Manager and the other AWS tools, we’ve gone from zero to 100 percent real-time visibility, a night-and-day contrast with our prior security posture.”
Security is further heightened by the rules and guardrails Garrido and his team can automatically enforce with AWS Management Tools. For example, instead of having to audit new code and architectures at the end of the development process, Garrido can ensure the company’s security requirements are “baked into” new architecture and code from the start, avoiding project roadblocks and saving his team from time-consuming manual processes.
When security incidents do occur—such as unauthorized deletions of encryption keys or changes to route tables—AWS Management Tools have reduced response times for the GE Appliances team from days to hours. “The alerting and automation capabilities of Systems Manager and other AWS tools have helped us reduce our mean acknowledgement time from one day to less than one hour, and our mean remediation time from three days to 80 minutes,” says Garrido. “That average includes weekends and nights, and we don’t have to keep staff on duty around the clock.”
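The two incident types named above, scheduled deletion of encryption keys and route-table changes, are both visible in CloudTrail, which is the monitoring-and-alerting source the earlier paragraph describes. The following is an added example, not GE Appliances' or AWS's code: a small detector that scans CloudTrail records, alerts on KMS key-deletion and route-table events, and suppresses changes made by an allow-listed automation role. The account ID, ARNs, key ID, route-table ID and the `NetworkAutomation` role are constructed for the example; in production the same logic would run over CloudTrail log files delivered to S3 or be expressed as an event rule that triggers a function.

```python
"""Added example (not GE Appliances' or AWS's code): scan CloudTrail records
for scheduled KMS key deletions and route-table changes.
All ARNs, IDs and the allow-listed role below are constructed for the example."""
import json
from dataclasses import dataclass
from typing import Optional

# KMS events that take a key out of service. ScheduleKeyDeletion is the
# one described in the text; DisableKey has the same effect until reverted.
KEY_EVENTS = {"ScheduleKeyDeletion", "DisableKey"}
# EC2 events that alter how traffic is routed inside a VPC.
ROUTE_EVENTS = {"CreateRoute", "ReplaceRoute", "DeleteRoute",
                "DeleteRouteTable", "ReplaceRouteTableAssociation"}
# Principal expected to change routes (constructed); its changes are not alerted.
ALLOWED_ROUTE_PRINCIPALS = {
    "arn:aws:sts::123456789012:assumed-role/NetworkAutomation/deploy",
}


@dataclass
class Alert:
    severity: str   # "high", "medium" or "low"
    event_name: str
    principal: str
    resource: str
    event_time: str


def principal_of(record: dict) -> str:
    """Best available identifier for who made the call."""
    ident = record.get("userIdentity", {})
    return ident.get("arn") or ident.get("type", "unknown")


def evaluate(record: dict) -> Optional[Alert]:
    """Return an Alert for a record that needs attention, else None."""
    name = record.get("eventName", "")
    source = record.get("eventSource", "")
    params = record.get("requestParameters") or {}
    principal = principal_of(record)

    if source == "kms.amazonaws.com" and name in KEY_EVENTS:
        # A denied attempt (errorCode present) is still worth a look, at lower urgency.
        severity = "low" if record.get("errorCode") else "high"
        return Alert(severity, name, principal, params.get("keyId", "?"), record["eventTime"])

    if source == "ec2.amazonaws.com" and name in ROUTE_EVENTS:
        if principal in ALLOWED_ROUTE_PRINCIPALS:
            return None     # expected automation, no alert
        severity = "low" if record.get("errorCode") else "medium"
        return Alert(severity, name, principal, params.get("routeTableId", "?"), record["eventTime"])

    return None


def scan(log_body: str) -> list:
    """Parse a CloudTrail log file body ({"Records": [...]}) and return the alerts."""
    records = json.loads(log_body)["Records"]
    return [a for a in (evaluate(r) for r in records) if a is not None]


# Constructed sample log in CloudTrail's file layout (not real account data).
SAMPLE_LOG = json.dumps({"Records": [
    {   # scheduled deletion of a key by an IAM user: high
        "eventTime": "2017-09-01T02:14:07Z", "eventSource": "kms.amazonaws.com",
        "eventName": "ScheduleKeyDeletion",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
                              "pendingWindowInDays": 7},
    },
    {   # route change by the allow-listed automation role: no alert
        "eventTime": "2017-09-01T02:20:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "ReplaceRoute",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/NetworkAutomation/deploy"},
        "requestParameters": {"routeTableId": "rtb-0a1b2c3d", "destinationCidrBlock": "0.0.0.0/0"},
    },
    {   # route deleted by someone else: medium
        "eventTime": "2017-09-01T03:05:41Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DeleteRoute",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
        "requestParameters": {"routeTableId": "rtb-0a1b2c3d", "destinationCidrBlock": "10.0.0.0/8"},
    },
    {   # denied key-deletion attempt: low
        "eventTime": "2017-09-01T03:30:12Z", "eventSource": "kms.amazonaws.com",
        "eventName": "ScheduleKeyDeletion", "errorCode": "AccessDenied",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/carol"},
        "requestParameters": {"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab"},
    },
    {   # routine read-only call: ignored
        "eventTime": "2017-09-01T03:31:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeRouteTables",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
    },
]})

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"[{a.severity}] {a.event_time} {a.event_name} on {a.resource} by {a.principal}")
```

Running the block prints three alerts (high, medium, low) and stays silent on the automation role's route change and the read-only call. The allow list is what keeps a rule like this from paging on every deployment; failed attempts are kept at low severity so that a burst of AccessDenied on ScheduleKeyDeletion still surfaces.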
Garrido is happy with how AWS Management Tools and other AWS services have resulted in a more satisfied and engaged DevSecOps team that is building value for the company. “With the visibility and automation that Systems Manager and other AWS tools provide, my team can spend more time with their hands on their keyboards, doing strategic work like developing code that helps us shift even more from a reactive to a proactive stance,” says Garrido. “For the true technologist, working in the AWS Cloud is a really refreshing change.”