As someone who has spent a long time in network and endpoint security and then moved to cloud security, I can sympathize with people with security backgrounds who want to learn more about the cloud and cloud security concepts. AWS, EC2, CMK, KMS, IAM, SQS, etc.? It can seem like a big alphabet soup of unfamiliar acronyms. And lots of questions come up. How can I know whether a cloud provider encrypts a service by default or if I must specify it? What is the difference between a queue and a topic? Does CMK stand for customer-managed key or customer master key?
Organizations are excited about the cloud and what it can do for their business. Cloud computing offers the promise of services at elastic speed and DevOps teams are embracing the opportunity to innovate at speed and efficiently scale. The ability to easily bring up thousands of servers within minutes, however, also introduces security and compliance issues. Security and compliance issues are often neglected or avoided because of the perception that adding security will dramatically slow the pace of development. DevOps and security teams may seem to have opposing interests at times. Development teams who deploy apps in the cloud are used to moving fast and having the freedom to deploy whatever resources they need to accomplish their goals. They are not security and compliance...
DevOps provides IT enterprises with the ability to rapidly iterate on smart, fast software deployments. Relying on powerful version control and build tools like Github and Jenkins enables DevOps teams to save time and money by including development and operations in a single automated pipeline. However, in some DevOps environments, security is often neglected or avoided because of the perception that the security team will introduce inefficiencies and dramatically slow the pace of development. Bypass the unnecessary risks of this approach by integrating security directly into your DevOps pipeline. DevSecOps Provides Agile Security DevSecOps is established by placing security controls in every phase of your pipeline. Common best practices include: Training: Educate engineers to...
It has never been faster or easier to get something deployed in the cloud. Every day, it seems that cloud service providers like AWS and Azure are delivering a slew of new services that make it easier for enterprises to move their workloads to the cloud. Unfortunately, security and compliance may be left behind. The cloud offers increased efficiencies and scalability, but organizations need to also pay attention to security and compliance requirements or they could put themselves at risk. What does it mean to move both fast and safely to the cloud? You should follow a few fundamental steps: 1) Discover what is running. Most companies have existing environments in the cloud, so it’s important to know what is running and where. The cloud provides APIs for querying what’s in your...