Compliance

ESP @ Work: Simplifying Compliance at a Regional Bank

“ESP makes it possible for me and my team to move along the maturity model much faster than my peers without relying...

ESP @ Work: Enabling Always-on Compliance for Electronic Health Record Company

“Before ESP, preparing for our annual compliance audit would be an 11 month cycle. With ESP we can view our state of...

Cloud Security This Week – September 1, 2017

It’s never dull for those trying to keep the cloud safe from harm, but this was a relatively quiet week for cloud...

Continuous Compliance and the Art of a Stress-Free Audit

Compliance audits are necessary, but rarely fun. However, enterprises that adhere to compliance best practices and...

ESP @ Work: NIST 800-53 Compliance and GovCloud at a Collaborative Software Company

“The Evident Security Platform (ESP) and the NIST Compliance Report provide practitioners, executives and auditors...

Cloud Security Fitness Guide – Exercise #10: Watch World-Readable and Listable S3 Bucket Policies

S3 has been around for quite some time. It may be the oldest service in the ever-expanding Web Services provided by...

Cloud Security Fitness Guide – Exercise #9: Do Not Allow 0.0.0.0/0 Unless You Mean It

In the last post, John Martinez wrote about how Autoscaling can help an application deployed on AWS survive an attack....

Cloud Security Fitness Guide – Exercise #8: Use AutoScaling to Dampen DDoS Effects

We’re switching the series up a little bit and going to pay some attention to the network layer for a couple of...

Cloud Security Fitness Guide – Exercise #6: Rotate all the Keys Regularly

In the previous article, we had a pretty deep discussion on how and why to limit privilege in the AWS IAM service....

Cloud Security Fitness Guide – Exercise #7: Use IAM Roles with STS AssumeRole

We are more than halfway through the top ten, so let's finish up the IAM discussion before jumping into some of the top...

Cloud Security Fitness Guide – Exercise #4: Use Roles for EC2

By now, you're getting the theme that security on AWS is all about being proactive. The point of proactive security is...

Cloud Security Fitness Guide – Exercise #3: Reduce IAM Users with Admin Rights

Based on the last two posts, you have disabled your AWS root user; removed any root keys, assigned an MFA to that user,...