Posted by
Mark Nunnikhoven in
Cloud
Mar 20th, 2013 |
No Comments
So far in this series, Justin and I have provided tips for securing the foundations of your AWS deployment. Taken together, these tips work to reduce the overall attack surface—the area exposed to the outside world—of your application. Now it’s time to add the next layer of controls to you application, starting with a host-based intrusion prevention system or IPS.
Why IPS?
At this point we’ve already disabled unused services on our instances and have blocked any unnecessary inbound ports using our firewalls. This is a fantastic start but it really only reduces the area we present...
Posted by
Mark Nunnikhoven in
Cloud
Mar 6th, 2013 |
No Comments
Last week, Justin covered some of the high level issues around AMI development. This week, we’re going to take a look at how to protect the guest operating system running on your EC2 and VPC instances.
AWS Recommendations
AWS had published quite a few papers around their services. AWS Security Best Practices [PDF] and AWS Risk and Compliance [PDF] stand out as excellent security resources. In the best practices paper, under the section “Secure your Application” (pg. 4), they make a few recommendations which boil down to:
patch ASAP
use recommended secure settings for operating...
Posted by
Bharath Chandrasekhar in
Cloud, Cloud-based Security, DataCenter, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security
May 11th, 2011 |
Comments Off
How difficult is it to run a public cloud service?
As all of us know, Amazon Web Services (AWS) experienced an outage on 21-Apr-2011 and that lasted for almost 4 days. Quite a lot of companies were affected and you can find the list here. The Internet was flooded with articles speculating what went wrong, whether cloud computing is viable in the long run, how Amazon services did not function as advertised, how the applications should be built, etc. While most offered their opinion in broad strokes such as “use multiple regions/clouds”, “use built-in redundancy”, “don’t use public clouds”,...
Posted by
Christine Drake in
Cloud, Cloud-based Security, DataCenter, public cloud, Secure Data Centers, Securing the Cloud, Security
Apr 27th, 2011 |
Comments Off
Last Thursday, April 21, 2011 Amazon Web Services Elastic Compute Cloud (EC2) had an outage that impacted multiple Availability Zones. Thursday morning, Amazon issued a status update indicating that the outage was based on problems with replication mirroring: “This re-mirroring created a shortage of capacity in one of the US-EAST-1 Availability Zones, which impacted new EBS volume creation as well as the pace with which we could re-mirror and recover affected EBS volumes. Additionally, one of our internal control planes for EBS has become inundated such that it’s difficult to create new...
Posted by
Greg Boyle in
Cloud, Cloud-based Security, DataCenter, hybrid-cloud, IaaS, PaaS, Privacy, Compliance and Identity, private cloud, public cloud, SaaS, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats, Threats from the Cloud, Virtualization
Apr 20th, 2011 |
2 Comments
The Small Business Journey to the Cloud is Actually a Round Trip
By Greg Boyle, Trend Micro Global Product Marketing Manager
Many small businesses are still uncertain about cloud computing. They wonder if it can help with their profitability without being extremely risky. Let’s start by defining cloud computing in small business terms. There are two commonly agreed upon types of cloud computing: 1) software-as-a-service and 2) infrastructure-as-a-service.
Software-as-a-service (SaaS) is cloud computing where the software you would normally install on your computers in the office is instead...
Posted by
Justin Foster in
Cloud, DataCenter, IaaS, PaaS, Secure Data Centers, Securing the Cloud, Virtualization
Apr 18th, 2011 |
1 Comment
Not long ago, we set out on a mission to perform a full scalability test on one of our products (Trend Micro Deep Security). After some quick, back-of-the-napkin calculations we discovered that we needed somewhere in the order of 35 Dell 710′s with virtualization to complete our test. Finding that many available servers is a tall order for any company, and buying that many servers for a month long test was completely out of the question (try asking your managers for 35 servers and see how pale they go!).
Naturally we turned to the cloud to help us out. Amazon Web Services (AWS) was a good...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, cloudbursting, DataCenter, hybrid-cloud, IaaS, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Virtualization
Mar 28th, 2011 |
4 Comments
Amazon Web Services today announced the availability of dedicated compute instances within a VPC:
Dedicated Instances are Amazon EC2 instances launched within your Amazon Virtual Private Cloud (Amazon VPC) that run hardware dedicated to a single customer. Dedicated Instances let you take full advantage of the benefits of Amazon VPC and the AWS cloud – on-demand elastic provisioning, pay only for what you use, and a private, isolated virtual network, all while ensuring that your Amazon EC2 compute instances will be isolated at the hardware level.
Of course, the humor here is that Amazon didn’t...
Posted by
Dave Asprey in
Cloud, Cloud-based Security, public cloud, Securing the Cloud, Security, Threats from the Cloud, Virtualization
Mar 23rd, 2011 |
Comments Off
Surveys indicate that security is the number 1 challenge about the cloud. Using encrypted, self-defending hosts mitigates many security-in-the-cloud issues. Dave Asprey, VP-Cloud Security for Trend Micro, presented to the SD Forum these 16 valuable points of advice regarding data privacy in the cloud.
PLEASE CLICK ON THE “READ MORE” BUTTON TO ADVANCE DIRECTLY TO THE PRESENTATION.
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Share/Bookmark
Posted by
Bharath Chandrasekhar in
Cloud, Cloud-based Security, cloudbursting, DataCenter, hybrid-cloud, private cloud, public cloud, Securing the Cloud, Security, Threats from the Cloud, Uncategorized, Virtualization
Mar 15th, 2011 |
9 Comments
Do you know what cloudbursting is? It is a concept where when you run out of your computing resources in your internal data center, you “burst” the additional workload to an external cloud on an on-demand basis. The internal computing resource is the “Private Cloud” and the external cloud is typically a “public cloud” for which the organization gets charged on a pay-per-use basis. When your deployment has the ability to do “cloudbursting” or spreading the load to the public cloud, you essentially have a Hybrid Cloud.
Hybrid Clouds can deliver a bit...
Posted by
Bharath Chandrasekhar in
Cloud, IaaS, PaaS, SaaS, Secure Data Centers, Securing the Cloud, Virtualization
Feb 28th, 2011 |
1 Comment
One of the delivery models of Cloud Computing is Platform-as-a-Service. In its true definition, a PaaS provider takes care of the underlying infrastructure including the VMs, OS patches, elasticity, auto-scaling, firewalling, etc and provides an API — and a language runtime — to which the programmer should write the code. The users of PaaS have no control over the underlying infrastructure, i.e. there is nothing “open” about it. The most prominent PaaS offerings are Force.com from Salesforce (Apex), Google App Engine (Python and Java), and Microsoft Azure (.NET). It is obvious...
