101 AWS Security Tips & Quotes, Part 4: Best AWS Security Practices

The fourth — and final — blog post in our series of AWS Security Tips and Quotes offers tips on AWS Security Best Practices. So far the series has covered:

Today’s post offers recommendations that include running a configuration audit, using automation to reduce errors, ensuring that you stay abreast of the latest best practices and recommendations provided by AWS and other resources — and more. Read more “101 AWS Security Tips & Quotes, Part 4: Best AWS Security Practices”

21 InfoSec and AWS Experts Reveal the #1 Mistake Companies Make When It Comes to AWS Security (and How to Avoid It)

More companies are moving to the cloud than ever before. Amazon Web Services (AWS) is one of the most popular cloud platforms, and for good reason: AWS provides a robust set of features and services that give it broad appeal among businesses of all sizes. But when it comes to security, many companies continue to fall short, putting their sensitive data at risk. In a recent Threat Stack study, for example, we discovered that 73% of companies have at least one critical AWS security misconfiguration that enables an attacker to gain access directly to private services or the AWS console, or that could be used to mask criminal activity from monitoring technologies.

To gain some insight into the biggest (and potentially most devastating) mistakes companies are making related to AWS security as well as tips and strategies for avoiding them, we reached out to a panel of InfoSec pros and AWS experts and asked them to answer this question:

“What’s the number one mistake companies make when it comes to AWS security (and how can they avoid it)?”

Read more “21 InfoSec and AWS Experts Reveal the #1 Mistake Companies Make When It Comes to AWS Security (and How to Avoid It)”

‘Tis the Season To Be Proactive, Vigilant, & Transparent

Cyber Monday is here (and for those of us in the cloud security business, it’s also the start of the AWS re:Invent 2017 conference). So given all the strange things that have been happening in our cyber environment, we thought we would once again remind organizations and consumers alike about the need to be proactive and extra vigilant in their security practices. Read more “‘Tis the Season To Be Proactive, Vigilant, & Transparent”

How to Leverage Automation to Make Your Organization Secure by Design

Yesterday, we co-hosted a webinar with Amazon’s security strategist, Tim Sandage, and SessionM’s director of technical solutions and operations, Jason LaVoie, to discuss how companies can become secure by design using automation.

With cloud providers like AWS making it easier than ever to get up and running in the cloud, the next item on the agenda for many is how to get security up to speed as well. In yesterday’s webinar, Tim, Jason, and our own senior security engineer, Patrick Cable, offered practical and strategic ways for companies to do just this. Read more “How to Leverage Automation to Make Your Organization Secure by Design”

Join Threat Stack’s Automating AWS Security Webinar

Secure by Design: Automating Security for Your Cloud Deployment

Security and DevOps teams are both being asked to make their organizations run faster and more securely while proving it in the form of compliance audits and completed security questionnaires. But no one has the time — and few have the knowledge — to do all this, let alone do it well.

Read more “Join Threat Stack’s Automating AWS Security Webinar”

Why You Don’t Need to Code to Run Secure on AWS

Amazon Web Services, the ubiquitous cloud infrastructure provider, has made it increasingly easy for businesses to move to the cloud and take advantage of the scalability, flexibility, and cost savings this approach offers. For some businesses that are contemplating the move to AWS, you may be wondering whether it’s necessary to have a team of developers who can help to ensure that you are capable of running securely on AWS.

The short answer is: You don’t need to start from scratch when it comes to security, and you don’t need  to have extensive coding resources in-house to run securely on AWS. With the right tools at your disposal, you can quickly measure compliance with  your unique security policy and adapt to changes in your environment as needed.

Here’s what you need to know to run securely on AWS, with or without a legion of development resources at your disposal.

Read more “Why You Don’t Need to Code to Run Secure on AWS”