Posted by Dave Asprey in Cloud | Apr 30th, 2013 | No Comments
If you still believe that your systems management consoles should be running on servers in your data center, you’re definitely from the pre-cloud era. Even if you believe your systems management and security consoles should be running on infrastructure as a service instances you control, you’re also out of date.
The evidence is in, and your control systems should absolutely reside in the cloud, even if the systems they control are not in the cloud. Cisco’s recent acquisitions are a reminder, and so is this week’s launch of Trend Micro’s new Deep Security as a Service that secures AWS...
Posted by Justin Foster in Cloud | Apr 30th, 2013 | No Comments
Over the past weeks we have been reviewing the top 10 tips for securing instances running on Amazon Web Services. We walked through the critical controls as part of the AWS shared security model. As noted in these tips, host-based security capabilities such as intrusion detection and prevention, anti-malware, and integrity monitoring are critical for protecting your applications and data.
While some of these recommended tips involve configuring and tuning AWS itself, some require the use of third-party tools. So when looking for candidates for securing your cloud projects, here are five questions...
Posted by Dave Asprey in Cloud | Apr 29th, 2013 | No Comments
Amazon Web Services did it again. Its new service, OpsWorks, is an application management service with the ability to manage applications of any scale or complexity in the AWS cloud. This integrated system manages resource provisioning, configuration management, application deployment, software updates, and monitoring and access control.
The service is another offering from the leader in cloud computing poised to disrupt a market, in this case, Platform as a Service (PaaS). OpsWorks will compete directly with PaaS mainstays Heroku, Engine Yard and AppFog. Given the speculation that AWS is working...
Posted by Mark Nunnikhoven in Cloud | Apr 17th, 2013 | No Comments
In last week’s post, we gave a high level overview of vulnerability assessments. This type of assessment results in a prioritized list of vulnerabilities in your deployment. It’s an excellent first step in knowing the state of your deployment.
The next step you should take is to conduct a penetration test.
The Test
A penetration test (or simply, pentest) is an active test of your defenses. You’re hiring a trusted 3rd party to attack your deployment in order to find exploitable vulnerabilities. The theory is that it’s better to have someone working with you do this before...
Posted by Ryan Delany in Cloud | Apr 15th, 2013 | 1 Comment
As a Product Marketing Manager for Trend Micro™ Worry-Free™ Business Security Services, I hear a lot of objections about the product, and in particular, a lot of cloud-related fears. Some examples of things I hear from customers and partners are:
“I wouldn’t be secure if my Internet connection went down.”
“I don’t want to put all my data in the cloud.”
“I don’t want to waste all my bandwidth, uploading everything to the cloud to be scanned.”
The cloud is becoming better understood by the average person these days, thanks to companies like Google, Apple, Netflix, and other...
Posted by Justin Foster in Cloud | Apr 10th, 2013 | No Comments
In this series, Mark and I have talked about hardening your AWS resources (both inside and outside of your instances) and performing ongoing monitoring. The last two tips are around measuring your overall security so that you can understand your risks and measure your progress.
It may be an old adage but it still rings true… You can’t manage what you can’t measure. You may have layer upon layer of defense, but unless you conduct a vulnerability assessment you don’t really know where you stand.
Assess Your IaaS
Conducting a vulnerability assessment includes identifying and prioritizing vulnerabilities...
Posted by Mark Nunnikhoven in Cloud | Apr 3rd, 2013 | No Comments
Last week, we tackled the basics of monitoring your AWS deployment. This week we’re going to shift gears and take a look at encryption.
Data Drives Your Business
Your business runs on data and information. One of the biggest concerns about moving to the public cloud is the safety of that data. With a little due diligence, you can put those concerns to bed.
There are three key steps to protecting your data in the cloud:
Identify and classify your data
Protect your data at rest
Protect your data in motion
Identify & Classify
You can’t take steps to protect your data until you...
Posted by Justin Foster in Cloud | Mar 27th, 2013 | No Comments
So far in this series, we have shared tips for securing access to your AWS resources, hardening your system and protecting with a firewall and IPS combination. At this point, your applications running on Amazon Web Services are resilient to attack, but it is critical that ongoing monitoring be a part of your overall security strategy. Monitoring ensures that you are aware of intrusions that have made it past your lines of defense, and that your application continues to operate correctly.
Start With Statistics
AWS provides CloudWatch, an excellent service to monitor your overall system health....
Posted by Dave Asprey in Cloud | Mar 14th, 2013 | No Comments
Recently I was honored to give a keynote about the future of cloud security at the Cloud Security Alliance Summit at RSA 2013.
This video is worth your time to watch. It covers a brief history of cloud security, where it is headed, and who it will impact. The bottom line is that no matter where your data sits, you are ultimately responsible for its security. That has important implications for where your security console should sit, and it will drive the behavior of the security software industry and cloud service providers. The truth of the matter is that the security industry relies on clog...
Posted by Justin Foster in Cloud | Mar 13th, 2013 | No Comments
In this series, Mark and I have covered tips for securing your Amazon Web Services (AWS) account, building hardened Amazon Machine Images and locking down the operating system. Now we turn our attention to one of the most simple, yet powerful ways to secure your instances: the firewall.
Implementing a firewall policy is just basic survival when it comes to internet-facing servers. AWS provides Security Groups as a mandatory whitelisting firewall to limit inbound open ports on EC2. You can allow specific ports/protocols for an IP or CIDR. Within a Virtual Private Cloud (VPC) the firewall adds...