View Blog Post

Automate Encryption in Transit with AWS Certificate Manager

Traditionally, managing transport layer security (TLS) digital certificates that are used for encrypting data in transit between clients and servers has been a very manual process. In 2016, Amazon Web Services began offering the AWS Certificate Manager (ACM) – a service for managing these digital certificates. By using AWS CloudFormation and AWS CodePipeline, you can Read more…

View Blog Post

Deploy Managed Config Rules using CloudFormation and CodePipeline

“AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.” (Source) There are over 100 Managed Config Rules that AWS provides for all types of checks including Analytics, Compute, Database, Machine Learning, Security, Identity & Compliance, and Storage – Read more…

View Blog Post

Continuous Compliance on AWS with CodePipeline and CloudFormation

Whether it’s in or out of the cloud, most IT compliance usually comes in the form of a multitude of checklists – like the one you see below. It might be a spreadsheet, website, or other “digital” tool but, in the end, it’s still checklists that software teams must comply with by filling out forms Read more…

View Blog Post

Automatically Remediate Noncompliant AWS Resources using Lambda

While enterprises are capable of rapidly scaling their infrastructure in the cloud, there’s a corresponding increase in the demand for scalable mechanisms to meet security and compliance requirements based on corporate policies, auditors, security teams, and others. For example, we can easily and rapidly launch hundreds of resources – such as EC2 instances – in Read more…

View Blog Post

Continuous Compliance on AWS Workflow

It’s 7:37 AM on a Sunday. You’re in the Security Operations Center (SOC) and alarms and emails are seemingly being triggered everywhere. You and a colleague are combing through dashboards and logs to determine what is causing these alerts. After running around with your “hair on fire” for around 30 minutes, you finally determine that Read more…

View Blog Post

Dance like Nobody’s Watching; Encrypt like Everyone Is

While AWS is making computing easier, it can be challenging to know how to effectively use encryption. In this screencast, we provide an overview of the encryption landscape on AWS. This includes services like AWS Certificate Manager, AWS Key Management Service, and the Encryption SDK, which provide encryption in transit and at rest. In addition, Read more…

View Blog Post

AWS re:Inforce: Novelties + Key Insights

Are you a cloud security expert or enthusiast? Were you at the first-ever security-focused AWS conference in Boston? If your answers are Yes and No respectively, I have just one more question for you; Where were you? The first-ever AWS re:Inforce was definitely a success by all means (aside from all the free t-shirts I Read more…

View Blog Post

AWS CodePipeline Approval Gate Tracking

With the pursuit of DevOps automation and CI/CD (Continuous Integration/Continuous Delivery), many companies are now migrating their applications onto the AWS cloud to take advantage of the service capabilities AWS has to offer. AWS provides native tools to help achieve CI/CD and one of the most core services they provide for that is AWS CodePipeline. Read more…

View Blog Post

Continuous Compliance on AWS using AWS Config Rules

How does compliance work in many organizations? From what I’ve seen, it might look something like this: ‘Internal compliance is conducting an audit in three weeks, we need to make sure we’re compliant with all of our internal policies’. What ensues is a heroic effort of people discovering or creating documents and other artifacts indicating what Read more…

View Blog Post

Enforcing Compliance with AWS Organizations

You have a large organization with several development teams that work on various software projects that support your business. A year ago, you brought in a consultant that told you to use multiple AWS accounts because there were benefits to be gained. For example, using multiple accounts we can contain the damage from a possible Read more…