Justin Foster in
Feb 28th, 2013 |
In our previous top tips for AWS security we looked at hardening access to your AWS resources through proper use of IAM, policies and authentication. In this tip we turn our focus to hardening your Amazon Machine Images (AMI).
No matter whether you pronounce it A.M.I or Ahhh-ME (as the AWS folks do) your machine images are an important part of building applications on AWS. AMIs form the foundation of ‘Instances’ or the running machines in EC2 or VPC. AMIs can be private, communal or from the AWS marketplace.
AMIs may include only the operating system, foundation for your application...
Jonathan Gershater in
Feb 21st, 2013 |
People who drive recklessly to the airport, at a high rate of speed while clutching a cellphone to their ear, only to then board the plane and pray it does not crash, often bewilder me. Don’t they realize they bear some responsibility for arriving safely at their destination?
Trend Micro’s webinar on the new PCI DSS Cloud Computing guidelines is a reminder that while the cloud represents an enormous opportunity for offloading the data center burden, your security responsibility doesn’t necessarily follow. (Miss this popular webinar with Amazon and Accuvant? Click here to watch the replay.)
Mark Nunnikhoven in
Feb 20th, 2013 |
In last week’s post, Protecting your resources with AWS Identity and Access Management, Justin covered the basics of AWS Identity and Access Management (IAM). This week, we’re going to take a look at password policies and multi-factor authentication using IAM.
The value of strong passwords is well known. Most organizations already have a password policy in place. This policy typically defines the complexity (i.e., how many numbers, special characters, length of the password, etc.) and the rotation (i.e., you must change your password every 90 days).
Some policies take the...
Dave Asprey in
Feb 14th, 2013 |
Big Cloud Security News
If you are using cloud computing, some major news just came out. PCI released the DSS Guidelines for Cloud Computing on Feb 7th. This is really important because the new document provides “guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments.” While it’s meant for organizations already using (or planning to use) cloud as part of a cardholder data environment (CDE), it applies to nearly every cloud user, as the PCI DSS cloud guidance is sure to influence cloud security standards even for non-CDE environments.
Justin Foster in
Feb 13th, 2013 |
Over the next several weeks, we will be discussing best practices for securing your Amazon Web Services (AWS) environment. Before we dive into securing your instances, applications and data, we have to start from the top.
As part of the AWS shared responsibility security model, consumers of AWS play a significant role in securing their use of the service. Back in November 2012 at the AWS re:Invent conference, Max Ramsay mapped AWS to the CSIS 20 Critical Security Controls as a framework for further understanding this responsibility shared between AWS and the client (you). Critical Control #12 is...
Erica Benton in
Feb 1st, 2013 |
Is your cloud economic strategy a little…foggy? In this recent webcast from Dell, Trend Micro VP of Cloud Security Dave Asprey talks with Matthew Mikell, Cloud Evangelist at Dell, and David Linthicum, CTO and founder of Blue Mountain Labs, to help businesses discover how to create the best financial model for their cloud computing strategy:
What cloud financial model fits your company?