Articles tagged with "security"

New AWS Config Rules - LambdaLess and rust(y)

AWS Config checks all your resources for compliance. With 260 managed rules, it covers a lot of ground. But if you need additional checks until now, you had to write a complex Lambda function. With the new “Custom Policy” type, it is possible to use declarative Guard rules. Custom Policy rules use less lines of code and are so much easier to read.

NetApp DataSense on AWS

Over the last years, demands and expectations on data security have increased dramatically. The main drivers are local data privacy regulations like the EU-GDPR, which imply awareness of sensitive data and an overview of potential risks. Amazon has offered its service Macie in 2017, added new capabilities lately, and is doing a great job with data on S3. But how do you include your EFS/FSx file shares and RDS databases to eliminate blind spots? Meet NetApp Cloud DataSense.

Darf ich als deutscher Finanzdienstleister in die Cloud?

Viele Unternehmen und insbesondere solche in der Finanzbranche stellen sich die Frage, ob sie ihre IT oder Teile dieser überhaupt in die Cloud migrieren dürfen. Ja, die Cloud skaliert gut, sie schafft bessere Verfügbarkeit lokal wie global, sie fördert Agilität, erleichtert den Zugang zu neuen Technologien und kann in vielen Fällen auch Sicherheitsvorteile schaffen. Aber wie die rechtliche Situation bei einer Auslagerung an Public Cloud-Anbieter aussieht, steht nochmal auf einem anderen Blatt Papier.

Testing Terraform with InSpec (Part 1)

While Infrastructure-as-Code slowly becomes omnipresent, many of the communicated advantages of the approach stay mostly unrealized. Sure, code style checks (linting) and even automated documentation get more common every month. But one of the cornerstones often gets ignore: testing. Let’s see which types of code testing are available and how to do it without writing too much code. The promise of the Infrastructure-as-Code (short: IaC) movement is to handle infrastructure just as if it was a program.

Be Aware of EBS Direct APIs

Recently, I blogged about a security incident where CloudTrail was not set up to log S3 data events. But while this is the most common type of data events, there are some more. And one of them has really scary implications. But good news: you can protect yourself about that.