Akshay Mahajan
Akshay is a seasoned technologist leading Production Security at Wayfair. He specializes in steering complex security initiatives across large-scale enterprise environments, with a dedicated focus on driving resilience and scalable innovation in the e-commerce sector.
Session
For nearly ten years, companies using public cloud infrastructure have struggled to secure against risks like exposed service account keys, weak access control, and misconfiguration leading to public data leaks.
We set out to tackle this problem by balancing practicality with the engineering expectation of velocity. We committed to a multi-year path to make Data security our core pillar by operationalizing VPC Service Controls (VPC-SC) across our Data Assets.
This talk will walk you through how we approached the design, trade-offs, and the lessons learned in execution, including managing millions of error logs and identifying hidden Google-managed service dependencies. We will showcase the impact this roll-out has had on our security posture with practical recommendations and key takeaways for integrating VPC-SC with other essential security processes, including; change management and third-party risk management. Attendees will leave with a practical playbook for moving from "Default Allow" to "Enforced Deny" without causing massive production outages.