22 Aug 2016

Handling Secrets in Microservices

As we discussed recently, AWS microservices are being adopted widely across organizations and industries for their ability to increase service delivery and speed time to market while decreasing team overhead. As organizations begin traveling down the path to a microservices architecture, one hurdle that they often run into is enterprise password management or secret management. For, as the number of microservices increase, so too do the number of credentials—often exponentially so—creating a need for effective and efficient management.

Read More
09 Aug 2016

Implementing PCI DSS on AWS

According to Innovative Retail Technologies, 52% of surveyed retailers plan to actively move applications to the cloud this year. The initially tepid response to cloud is waning as retailers learn more about its strengths for availability and innovation. Yet, one question our AWS consultants frequently field from retailers is about achieving AWS PCI Compliance in the cloud. As most readers of this blog know, the Payment Card Industry Data Security Standard, otherwise known as PCI DSS, is an information security standard requiring organizations to incorporate controls around customer data to prevent credit card fraud. There are several ways that AWS helps its retail clients build a foundation for PCI compliance and they’ve recently announced one more in the form of a Quick Start.

Read More
01 Aug 2016

AWS EC2 Run Command Enhancements for Greater Control and Reliability through Automation

Automating common administrative tasks to improve workload reliability and decrease potential risk is a common theme our consultants at Flux7 help our clients with. Doing so simplifies administration, encourages security through consistency and helps improve control over users and permissions. Amazon launched EC2 Run Command in October 2015 to help attain these benefits.

Read More
15 Jul 2016

Microservices Security: AWS Increases Container-Enabled App Security

As AWS experts we work closely with organizations who handle a wide variety of sensitive information – from patient health records to credit card data and more. Resultantly, we are always on the look-out for technology and best practice-based improvements to ensuring cloud-based security. With more and more of our clients looking to embrace a microservices architecture, cloud security and compliance naturally didn’t stop being a focus which is why we are happy at the news from AWS today that they’ve addressed how to help secure container-enabled applications with IAM Roles for ECS tasks.

Read More
06 Jun 2016

Docker Security Scanning: Deep Visibility to Container-Based Vulnerabilities

 

Just last month we wrote about Docker upping the security ante with a number of new security controls built into Docker 1.10 and here we are yet again. Dockercon 16 is coming up fast - June 19-21, 2016  in Seattle - and we're looking forward to sharing the Dockercon stage for second time with a customer - Fugro this time -  to talk about how enterprises can use Docker and AWS to address common challenges. Check out the speaker list here 

Read More
26 May 2016

AWS SSM for Improved Security, Auditability and Automation

Amazon Simple Systems Manager or SSM as we’ll refer to it throughout this article, is a great example of an important feature in the Amazon Web Services toolset that we try to highlight for our clients because of its DevOps, compliance and security benefits. As AWS partners recognized for our customer service and expertise, we are often asked about the implications of specific AWS features and their benefits.

Read More
17 May 2016
09 May 2016
27 Apr 2016

Improved Security with AWS CodeCommit

 

 

AWS CodeCommit is a fully managed version control management service offered by Amazon Web Services. It is a highly scalable and fully managed hosted service. It is compatible with Git and hence all of the git commands work with AWS CodeCommit. AWS Codecommit is highly secure in the sense that the data is encrypted both at rest and in transit. The repositories offered under this service are private by default. AWS Codecommit supports both HTTPS and SSH protocols.

Read More
13 Apr 2016

Docker Security, Hardened Containers and a Layered Strategy


Docker recently unveiled version 1.10 of its popular container technology. Security was a major focus of the release with several features designed to strengthen the security of Docker containers. According to the Docker blog,

“All the big features you’ve been asking for are now available to use: user namespacing for isolating system users, seccomp profiles for filtering syscalls, and an authorization plugin system for restricting access to Engine features. Another big security enhancement is that image IDs now represent the content that is inside an image, in a similar way to how Git commits represent the content inside commits.”

Read More

Join Us

Join thousands of technology enthusiasts, subscribe and get expert perspective in your inbox.

Connect With Us

Categories