When there’s a data breach involving Amazon Web Services (AWS), more often than not it involves the Amazon S3 object storage service. The service is incredibly popular. Introduced way back in 2006 when few knew what the cloud was, S3 is highly scalable, reliable, and easy to use. But getting the security of S3 right—and making sure it stays that way—continues to confound many AWS customers.
By the Fugue Team in collaboration with Dave Williams, cloud architect at New Light Technologie s . Employers across the U.S. and around the world are rapidly shifting to a mandatory work-from-home (WFH) arrangement to help slow the spread of the coronavirus (COVID-19). Even for organizations already operating with team members working from home, this shift is likely causing disruption.
Infrastructure misconfiguration is the leading cause of data breaches in the cloud, and a big reason misconfiguration happens is infrastructure configuration “drift,” or change that occurs in a cloud environment post-provisioning. If you’re responsible for the security and compliance of cloud environments, you probably spend a lot of time focused on analyzing infrastructure drift events and remediating them. It’s easy to think of all drift as being bad or undesirable. And make no mistake, some of it is really bad. Ugly even! But some drift is good and desired, and understanding the differences between the good, the bad, and the ugly--and how to recognize them--can save you and your team a lot of frustration and wasted time.
In last week’s blog we discussed the Shared Responsibility Model and how it affects enterprises’ cloud security. Based on the Shared Responsibility Model, organizations are responsible for security in the cloud, which includes how they configure and use the resources provided by the cloud service providers. Falling within this realm are cloud resource configurations. Cloud configurations are complex and if not implemented correctly, can increase the risk of a data breach.
Security and compliance are priorities for companies in the cloud. However, cloud security and compliance is not the responsibility of any single entity alone and determining the demarcation line can lead to confusion. Security and compliance in the cloud is a shared responsibility between the cloud service providers (CSP) and their customers.
Whenever there's talk of the cloud, misconfiguration and the security risk it brings inevitably becomes a part of the conversation. And of course, once you start talking about cloud misconfiguration, “auto-remediation” often creeps into the conversation. But what does “auto-remediation” really mean? The concept of “auto-remediation” is that the solution finds problems or policy violations in your cloud infrastructure and automatically fixes them.
It has never been faster or easier to get something deployed in the cloud. Every day, it seems that cloud service providers like AWS and Azure are delivering a slew of new services that make it easier for enterprises to move their workloads to the cloud. Unfortunately, security and compliance may be left behind. The cloud offers increased efficiencies and scalability, but organizations need to also pay attention to security and compliance requirements or they could put themselves at risk. What does it mean to move both fast and safely to the cloud? You should follow a few fundamental steps: 1) Discover what is running. Most companies have existing environments in the cloud, so it’s important to know what is running and where. The cloud provides APIs for querying what’s in your...
The Fugue SaaS platform secures the entire cloud development lifecycle—from infrastructure as code through the cloud runtime. Fugue empowers cloud engineering and security teams to prove continuous compliance, build security into cloud development, and eliminate cloud misconfiguration.