Trend Cloud Security Blog – Cloud Computing Experts

5 Questions to Ask Your Security Vendor about AWS

Over the past weeks we have been reviewing the top 10 tips for securing instances running on Amazon Web Services. We walked through the critical controls as part of the AWS shared security model. As noted in these tips, host-based security capabilities such as intrusion detection and prevention, anti-malware, and integrity monitoring are critical for protecting your applications and data. While some of these recommended tips involve configuring and tuning AWS itself, some require the use of third-party tools. So when looking for candidates for securing your cloud projects, here are five questions... read more

AWS OpsWorks: Targeting PaaS with Chef?

Amazon Web Services did it again. Its new service, OpsWorks, is an application management service with the ability to manage applications of any scale or complexity in the AWS cloud. This integrated system manages resource provisioning, configuration management, application deployment, software updates, and monitoring and access control. The service is another offering from the leader in cloud computing poised to disrupt a market, in this case, Platform as a Service (PaaS). OpsWorks will compete directly with PaaS mainstays Heroku, Engine Yard and AppFog. Given the speculation that AWS is working... read more

Top 10 AWS Security Tips: #9 Conduct Vulnerability Assessments

In this series, Mark and I have talked about hardening your AWS resources (both inside and outside of your instances) and performing ongoing monitoring. The last two tips are around measuring your overall security so that you can understand your risks and measure your progress. It may be an old adage but it still rings true… You can’t manage what you can’t measure. You may have layer upon layer of defense, but unless you conduct a vulnerability assessment you don’t really know where you stand. Assess Your IaaS: Conducting a vulnerability assessment includes identifying and prioritizing vulnerabilities... read more

Top 10 AWS Security Tips: #7 Monitor Your Instances

So far in this series, we have shared tips for securing access to your AWS resources, hardening your system and protecting with a firewall and IPS combination. At this point, your applications running on Amazon Web Services are resilient to attack, but it is critical that ongoing monitoring be a part of your overall security strategy. Monitoring ensures that you are aware of intrusions that have made it past your lines of defense, and that your application continues to operate correctly. Start With Statistics: AWS provides CloudWatch, an excellent service to monitor your overall system health.... read more

Top 10 AWS Security Tips: #5 Create Restrictive Firewall Policies

In this series, Mark and I have covered tips for securing your Amazon Web Services (AWS) account, building hardened Amazon Machine Images and locking down the operating system. Now we turn our attention to one of the simplest yet most powerful ways to secure your instances: the firewall. Implementing a firewall policy is just basic survival when it comes to internet-facing servers. AWS provides Security Groups as a mandatory whitelisting firewall to limit inbound open ports on EC2. You can allow specific ports/protocols for an IP or CIDR. Within a Virtual Private Cloud (VPC) the firewall adds... read more

Top 10 AWS Security Tips: #3 Build a Secure Base Amazon Machine Image (AMI)

In our previous top tips for AWS security we looked at hardening access to your AWS resources through proper use of IAM, policies and authentication. In this tip we turn our focus to hardening your Amazon Machine Images (AMI). No matter whether you pronounce it A.M.I or Ahhh-ME (as the AWS folks do) your machine images are an important part of building applications on AWS. AMIs form the foundation of ‘Instances’ or the running machines in EC2 or VPC. AMIs can be private, communal or from the AWS marketplace. AMIs may include only the operating system, foundation for your application... read more

The Cloud’s Shared Risk Model

People who drive recklessly to the airport, at a high rate of speed while clutching a cellphone to their ear, only to then board the plane and pray it does not crash, often bewilder me. Don’t they realize they bear some responsibility for arriving safely at their destination? Trend Micro’s webinar on the new PCI DSS Cloud Computing guidelines is a reminder that while the cloud represents an enormous opportunity for offloading the data center burden, your security responsibility doesn’t necessarily follow. (Miss this popular webinar with Amazon and Accuvant? Click here to watch the replay). When... read more

Need to Know Now: New Cloud PCI DSS Guidelines

Big Cloud Security News: If you are using cloud computing, some major news just came out. PCI released the DSS Guidelines for Cloud Computing on Feb 7th. This is really important because the new document provides “guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments.” While it’s meant for organizations already using (or planning to use) cloud as part of a cardholder data environment (CDE), it applies to nearly every cloud user, as the PCI DSS cloud guidance is sure to influence cloud security standards even for non-CDE environments. Why... read more

Security is not the only barrier to cloud adoption

In his 90-minute keynote address at the AWS re:Invent conference, Andy Jassy quite unabashedly gave these reasons for using AWS versus a private cloud (at the 32-minute mark): So public cloud adoption should be a no-brainer, right? Oh wait, but Andy omitted security in the public cloud – how can I trust that my customers’ sensitive data is secure in the public cloud? Been there, heard that before. I agree, the message wears thin that enterprise businesses are apprehensive to store sensitive customer data in the public cloud, and thus hesitant to adopt the cloud at all. (By... read more

Security in the cloud is a shared responsibility

When you host applications in the public cloud, you assume partial responsibility for securing the application. The cloud provider, for example Amazon Web Services (AWS), secures the physical data center (with locked badge entry doors, fences, guards, etc.) in addition to securing the physical network with perimeter firewalls. This is no significant change from how you secure your corporate datacenter. Just like you enhance the security of physical and virtual servers in your datacenter with host-based firewalls (iptables, Windows firewall), anti-virus and intrusion detection, so you must protect... read more