As we discussed recently, AWS microservices are being adopted widely across organizations and industries for their ability to increase service delivery and speed time to market while decreasing team overhead. As organizations begin traveling down the path to a microservices architecture, one hurdle that they often run into is enterprise password management or secret management. As the number of microservices increases, so too does the number of credentials, often exponentially so, creating a need for effective and efficient management.
According to Innovative Retail Technologies, 52% of surveyed retailers plan to actively move applications to the cloud this year. The initially tepid response to cloud is waning as retailers learn more about its strengths for availability and innovation. Yet, one question our AWS consultants frequently field from retailers is about achieving AWS PCI Compliance in the cloud. As most readers of this blog know, the Payment Card Industry Data Security Standard, otherwise known as PCI DSS, is an information security standard requiring organizations to incorporate controls around customer data to prevent credit card fraud. There are several ways that AWS helps its retail clients build a foundation for PCI compliance and they’ve recently announced one more in the form of a Quick Start.
Automating common administrative tasks to improve workload reliability and decrease potential risk is a common theme our consultants at Flux7 help our clients with. Doing so simplifies administration, encourages security through consistency and helps improve control over users and permissions. Amazon launched EC2 Run Command in October 2015 to help attain these benefits.
As AWS experts, we work closely with organizations that handle a wide variety of sensitive information, from patient health records to credit card data and more. As a result, we are always on the lookout for technology and best-practice improvements for ensuring cloud-based security. With more and more of our clients looking to embrace a microservices architecture, cloud security and compliance naturally remain a focus, which is why we are happy at the news from AWS today that they’ve addressed how to help secure container-enabled applications with IAM Roles for ECS tasks.
Just last month we wrote about Docker upping the security ante with a number of new security controls built into Docker 1.10, and here we are yet again. DockerCon 16 is coming up fast (June 19-21, 2016 in Seattle) and we're looking forward to sharing the DockerCon stage for the second time with a customer, Fugro this time, to talk about how enterprises can use Docker and AWS to address common challenges. Check out the speaker list here.
Amazon Simple Systems Manager, or SSM as we’ll refer to it throughout this article, is a great example of an important feature in the Amazon Web Services toolset that we try to highlight for our clients because of its DevOps, compliance and security benefits. As AWS partners recognized for our customer service and expertise, we are often asked about the implications of specific AWS features and their benefits.
AWS CodeCommit is a fully managed, highly scalable hosted version control service offered by Amazon Web Services. It is compatible with Git, so all of the Git commands work with AWS CodeCommit. AWS CodeCommit is highly secure in the sense that data is encrypted both at rest and in transit. The repositories offered under this service are private by default. AWS CodeCommit supports both the HTTPS and SSH protocols.
Docker recently unveiled version 1.10 of its popular container technology. Security was a major focus of the release with several features designed to strengthen the security of Docker containers. According to the Docker blog,
“All the big features you’ve been asking for are now available to use: user namespacing for isolating system users, seccomp profiles for filtering syscalls, and an authorization plugin system for restricting access to Engine features. Another big security enhancement is that image IDs now represent the content that is inside an image, in a similar way to how Git commits represent the content inside commits.”