As AWS experts, we often get asked how different technologies can work with AWS. Most recently we had a customer ask us how to use Azure Active Directory (AD) to manage user authentication to access the AWS console. While we don’t often discuss hybrid cloud technologies in this blog, we thought we’d share with you how we configured Azure AD to manage access to the AWS console.
A misconfigured data bucket in AWS Simple Storage Service (S3) led to a Republican contractor’s database of nearly every voter being left exposed on the Internet for 12 days, according to CRN. This news presents an unfortunate reminder of why good AWS security hygiene is important to designing, building and managing AWS environments. In this spirit, we’d like to explore two basic AWS best practices that, when built in, can help stave off extreme events like this.
We recently worked with a Fortune 500 manufacturer of heavy equipment that is focused on quality, productivity, and effectively connecting its customers with data-driven insights via technology. As an international, publicly traded organization, it is also careful about managing security, risk and compliance. So, when this manufacturer asked if we could set up an audit and notification system, we were happy to roll up our sleeves and begin work. (You can read the full case study of this Fortune 100 customer here.)
One of the approaches our AWS Consultants consistently take is Security by Design. By building security in from the beginning--rather than as an afterthought--security rules, processes and controls are inherent to the system. We like to think of it as a race car with the roll cage built into the frame vs. a race car built and the roll cage added afterward. Truthfully, which car would you feel safer helming?
We have been working closely with a customer who is undergoing a business transformation. As a multimedia equipment manufacturer, the organization has a loyal following for its high-quality devices. However, like many companies facing the convergence of markets and new customer demands, the company has embarked on a metamorphosis. Traditionally very focused on hardware, the company largely ignored its software even though it offered customers real value. Part of the company’s transformation was a move to treat its software like a full-fledged offering, rather than a free supplement. An upcoming product release marked the first (and biggest) step in cementing this change in company direction.
In addition to the announced AWS CloudFormation YAML support, AWS also announced cross-stack references for CloudFormation. (For Flux7 commentary on YAML support, please see our blog post earlier this week here.) As our AWS experts work daily with CloudFormation, we were very interested in this news and couldn’t wait to roll up our sleeves and take a look for ourselves.
As AWS experts, we work closely with organizations that handle a wide variety of sensitive information – from patient health records to credit card data and more. As a result, we are always on the lookout for technology and best practice-based improvements for ensuring cloud-based security. With more and more of our clients looking to embrace a microservices architecture, cloud security and compliance naturally didn’t stop being a focus, which is why we are happy at the news from AWS today that they’ve addressed how to help secure container-enabled applications with IAM Roles for ECS tasks.