Posted by
Justin Foster in
Cloud
Feb 28th, 2013 |
1 Comment
In our previous top tips for AWS security we looked at hardening access to your AWS resources through proper use of IAM, policies and authentication. In this tip we turn our focus to hardening your Amazon Machine Images (AMI).
No matter whether you pronounce it A.M.I or Ahhh-ME (as the AWS folks do) your machine images are an important part of building applications on AWS. AMIs form the foundation of ‘Instances’ or the running machines in EC2 or VPC. AMIs can be private, communal or from the AWS marketplace.
AMIs may include only the operating system, foundation for your application...
Posted by
Jonathan Gershater in
Cloud
Feb 21st, 2013 |
No Comments
People who drive recklessly to the airport, at a high rate of speed while clutching a cellphone to their ear, only to then board the plane and pray it does not crash, often bewilder me. Don’t they realize they bear some responsibility for arriving safely at their destination?
Trend Micro’s webinar on the new PCI DSS Cloud Computing guidelines is a reminder that while the cloud represents an enormous opportunity for offloading the data center burden; your security responsibility doesn’t necessarily follow. (Miss this popular webinar with Amazon and Accuvant? Click here to watch the replay).
When...
Posted by
Mark Nunnikhoven in
Cloud
Feb 20th, 2013 |
2 Comments
In last week’s post, Protecting your resources with AWS Identity and Access Management, Justin covered the basics of AWS Identity Access Management (IAM). This week, we’re going to take a look at password policies and multi-factor authentication using IAM.
Password Policies
The value of a strong passwords is well known. Most organizations already have a password policy in place. This policy typically defines the complexity (i.e., how many numbers, special characters, length of the password, etc.) and the rotation (i.e., you must change your password every 90 days).
Some policies take the...
Posted by
Dave Asprey in
Cloud
Feb 14th, 2013 |
No Comments
Big Cloud Security News
If you are using cloud computing, some major news just came out. PCI released the DSS Guidelines for Cloud Computing on Feb 7th. This is really important because the new document provides “guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments.” While it’s meant for organizations already using (or planning to use) cloud as part of a cardholder data environment (CDE), it applies to nearly every cloud user, as the PCI DSS cloud guidance is sure to influence cloud security standards even for non-CDE environments.
Why...
Posted by
Justin Foster in
Cloud
Feb 13th, 2013 |
No Comments
Over the next several weeks, we will be discussing best practices for securing your Amazon Web Services (AWS) environment. Before we dive into securing your instances, applications and data, we have to start from the top.
As part of the AWS shared responsibility security model, consumers of AWS play a significant role in securing their use of the service. Back in November 2012 at the AWS re:invent conference, Max Ramsay mapped AWS to the CSIS 20 Critical Security Controls as a framework for further understanding this responsibility shared between AWS and the client (you). Critical Control #12 is...
Posted by
Erica Benton in
Cloud
Feb 1st, 2013 |
No Comments
Is your cloud economic strategy a little…foggy? In this recent webcast from Dell, Trend Micro VP of Cloud Security Dave Asprey talks with Matthew Mikell, Cloud Evangelist at Dell, and David Linthicum, CTO and founder of Blue Mountain Labs to help business discover how to create the best financial model for their cloud computing strategy:
Video streaming by Ustream
What cloud financial model fits your company?
Share/Bookmark
