Posted by Mark Nunnikhoven in Cloud, Apr 3rd, 2013
Last week, we tackled the basics of monitoring your AWS deployment. This week we’re going to shift gears and take a look at encryption.
Data Drives Your Business
Your business runs on data and information. One of the biggest concerns about moving to the public cloud is the safety of that data. With a little due diligence, you can put those concerns to bed.
There are three key steps to protecting your data in the cloud:
Identify and classify your data
Protect your data at rest
Protect your data in motion
Identify & Classify
You can’t take steps to protect your data until you...
Posted by Justin Foster in Cloud, Mar 27th, 2013
So far in this series, we have shared tips for securing access to your AWS resources, hardening your system and protecting with a firewall and IPS combination. At this point, your applications running on Amazon Web Services are resilient to attack, but it is critical that ongoing monitoring be a part of your overall security strategy. Monitoring ensures that you are aware of intrusions that have made it past your lines of defense, and that your application continues to operate correctly.
Start With Statistics
AWS provides CloudWatch, an excellent service to monitor your overall system health....
Posted by Mark Nunnikhoven in Cloud, Mar 20th, 2013
So far in this series, Justin and I have provided tips for securing the foundations of your AWS deployment. Taken together, these tips work to reduce the overall attack surface—the area exposed to the outside world—of your application. Now it’s time to add the next layer of controls to your application, starting with a host-based intrusion prevention system or IPS.
Why IPS?
At this point we’ve already disabled unused services on our instances and have blocked any unnecessary inbound ports using our firewalls. This is a fantastic start but it really only reduces the area we present...
Posted by Justin Foster in Cloud, Mar 13th, 2013
In this series, Mark and I have covered tips for securing your Amazon Web Services (AWS) account, building hardened Amazon Machine Images and locking down the operating system. Now we turn our attention to one of the simplest, yet most powerful, ways to secure your instances: the firewall.
Implementing a firewall policy is just basic survival when it comes to internet-facing servers. AWS provides Security Groups as a mandatory whitelisting firewall to limit inbound open ports on EC2. You can allow specific ports/protocols for an IP or CIDR. Within a Virtual Private Cloud (VPC) the firewall adds...
Posted by Mark Nunnikhoven in Cloud, Mar 6th, 2013
Last week, Justin covered some of the high level issues around AMI development. This week, we’re going to take a look at how to protect the guest operating system running on your EC2 and VPC instances.
AWS Recommendations
AWS has published quite a few papers around their services. AWS Security Best Practices [PDF] and AWS Risk and Compliance [PDF] stand out as excellent security resources. In the best practices paper, under the section “Secure your Application” (pg. 4), they make a few recommendations which boil down to:
patch ASAP
use recommended secure settings for operating...
Posted by Justin Foster in Cloud, Feb 28th, 2013
In our previous top tips for AWS security we looked at hardening access to your AWS resources through proper use of IAM, policies and authentication. In this tip we turn our focus to hardening your Amazon Machine Images (AMI).
No matter whether you pronounce it A.M.I or Ahhh-ME (as the AWS folks do) your machine images are an important part of building applications on AWS. AMIs form the foundation of ‘Instances’ or the running machines in EC2 or VPC. AMIs can be private, communal or from the AWS marketplace.
AMIs may include only the operating system, foundation for your application...
Posted by Jonathan Gershater in Cloud, Feb 21st, 2013
People who drive recklessly to the airport, at a high rate of speed while clutching a cellphone to their ear, only to then board the plane and pray it does not crash, often bewilder me. Don’t they realize they bear some responsibility for arriving safely at their destination?
Trend Micro’s webinar on the new PCI DSS Cloud Computing guidelines is a reminder that while the cloud represents an enormous opportunity for offloading the data center burden, your security responsibility doesn’t necessarily follow. (Miss this popular webinar with Amazon and Accuvant? Click here to watch the replay).
When...
Posted by Jonathan Gershater in Cloud, Dec 17th, 2012
Referencing Wikipedia:
The Pythia, commonly known as the Oracle of Delphi, was the priestess at the Temple of Apollo at Delphi, located on the slopes of Mount Parnassus. The Pythia was widely credited for her prophecies inspired by Apollo.
Amazon Web Services’ (AWS) first user conference in November 2012 was over-subscribed and sold out. Given that the company offers all the infrastructure you need (and then some) in a public cloud: Linux and Windows instances, databases, storage, elastic load balancers, messaging… it has become apparent that Infrastructure as a Service...
Posted by Erica Benton in Cloud, Dec 3rd, 2012
Ready to join the conversation? We’re hosting a LIVE TweetChat on December 4, 2012, at 9am PST, to discuss new approaches to the cloud for businesses and how companies can prepare for the next generation of secure cloud computing.
Participants:
Dave Asprey, Vice President, Cloud Security at Trend Micro (@daveasprey)
Stephen Spector, Dell cloud evangelist (@SpectorAtDell)
Erica Benton (moderating as @TrendMicro)
and YOU!
How you can participate – and WIN!
Please use the hashtag #TrendChat on Twitter to send your questions to Dave and Stephen. We’ll be accepting questions...
Posted by Jonathan Gershater in Cloud, Nov 30th, 2012
In his 90-minute keynote address at the AWS re:Invent conference, Andy Jassy quite unabashedly gave these reasons for using AWS versus a private cloud (at the 32-minute mark):
So public cloud adoption should be a no-brainer, right? Oh wait, but Andy omitted security in the public cloud – how can I trust that my customers’ sensitive data is secure in the public cloud?
Been there, heard that before.
I agree, the message wears thin that enterprise businesses are apprehensive to store sensitive customer data in the public cloud, and thus hesitant to adopt the cloud at all. (By...