As AWS DevOps partners, we are often asked the best approach to balance DevOpsSec within AWS environments. What are the AWS and DevOps best practices and how do you build in security in such a way that it propels the business forward?
We recently had the opportunity to work with a pharmaceutical company that is breaking new ground when it comes to treatments for life-threatening ailments like cancer. Seeking to innovate across the organization -- from R&D to IT -- this company reached out to the DevOps team at Flux7 to help it migrate its Cloudera Hadoop-based analytics systems to AWS. Specifically, the vision was to take all of its diverse data sets to the cloud, establishing a highly available and secure environment where the firm could conduct data modeling and data analysis while protecting sensitive data and ensuring GxP and HIPAA compliance. Read on for the full AWS case study.
In our experience working with hundreds of organizations on compliance projects ranging from AWS PCI compliance and AWS HIPAA compliance to internal risk management initiatives, it’s clear that achieving and maintaining compliance is a delicate balance. Too many rules can slow progress and sometimes even cause teams to avoid complying at all. And too few guidelines can obviously result in unwanted fines, or in a worst case scenario, a security vulnerability that causes the business serious harm. Central to establishing and ensuring AWS risk and compliance efforts is the well-known practice of AWS configuration management. It plays a central role in keeping systems in a known, good state and with the application of automation can help organizations strike an optimal balance.
A misconfigured data bucket in AWS Simple Storage Service (S3) led to a Republican contractor’s database of nearly every voter being left exposed on the Internet for 12 days, according to CRN. This news presents an unfortunate reminder of why good AWS security hygiene is important to designing, building and managing AWS environments. In this spirit, we’d like to explore two basic AWS best practices that when built-in can help stave off extreme events like this.
AWS automation recently got a boost: the company introduced the ability to build an end-to-end release automation workflow that can deploy changes across multiple regions or different AWS accounts. And they subsequently featured an article on their blog on the steps to create a cross region CodePipeline. Today, however, we want to address the other half of this equation -- building cross account pipelines -- and thought it worthwhile to share with you here when and why we would recommend the benefits of this approach.
As systems become more complex, it’s more important than ever to ensure you have a strategy for effective and efficient secrets management. While we will dive into the technical aspects of doing just this within AWS, let’s first review what exactly secrets are and why you need to manage them.
At re:Invent 2016, AWS announced Organizations, the ability to have and easily manage multiple accounts. Flux7 consultants have long recommended multiple accounts to clients as a best practice for maintaining separation of roles and applications to address security and compliance policies and now it’s even easier with the AWS Organizations Service. Let’s first walk through what makes it so easy and then we’ll share AWS and Flux7 best practices.
Controlling access to sensitive information, or secrets, required by your applications is a ubiquitous architectural requirement. Your applications need information like passwords, API keys, and certificates, and as the application owner you need to ensure this information is only accessed by the correct application. You also need to know when this information was accessed and by which entity.
At Flux7, we get the opportunity to work with organizations across many industries and with a variety of challenges. As a result, we often get asked how other companies approach and solve different challenges. One challenge we are frequently asked about is website performance, security and elasticity, especially as it relates to eCommerce. As such, we’re happy to share with you today the story of a customer who was looking to balance these goals and how with the help of Flux7 consultants they were able to do so.