AWS Partner Network (APN) Blog
Category: Security
How to Mitigate Security and Privacy Resistance in Secure Data Migrations
One of the first steps for organizations adopting AWS is migrating data from an on-premises environment or existing cloud to AWS. Many legal and regulatory requirements make it imperative to know the cause and reason for collection, storage, and usage of data, as well as the exact physical location of the data. Learn how Dataguise, a PKWARE company, helps organizations minimize risk and cost during the data migration process.
How Radware CNP Uses Amazon Route 53 Query Logging for Threat Detection
AWS recently launched a new feature as part of its Amazon Route 53 service, called Route 53 Resolver Query Logging. This new service enables organizations to retrieve logs of their Domain Name System (DNS) queries originating from resources within their VPCs. Learn how these logs can be analyzed as part of the Radware Cloud Native Protector Service (CNP), which provides a range of fully managed, enterprise-grade cloud security solutions to protect applications running in public clouds.
Unifying Threat Detection for Cloud and Containers to Reduce Risk Using Sysdig
Implementing effective threat detection for applications in the cloud requires visibility into all aspects of your infrastructure and workloads. By taking advantage of AWS services, you’re freed to focus on the applications that drive your business. Security in the cloud is a shared responsibility between AWS and the customer, however, and Sysdig’s cloud security platform helps you follow security best practices and simplify the work of securing your AWS account and workloads.
Cloud Posture and Threat Analytics with Cisco Secure Cloud Analytics
As organizations continue to adopt AWS, their risk footprint increases from both an infrastructure and network perspective as it relates to compliance posturing, configuration risk, and network threats. Explore the integration between AWS and Secure Cloud Analytics, a SaaS-delivered Network Detection (NDR) offering from Cisco that monitors multi-cloud and hybrid environments for threats and policy violations and provides comprehensive visibility for any environment.
Exposing Private APIs Across AWS Accounts Only for Authorized Access Methods
Virtusa recently received a requirement to make an application programming interface (API) accessible across another AWS account. The API was an internal-only API hosted in a private subnet, and could be accessed only from within the network. The requirement also stipulated Virtusa make only a few read-only (Get) methods accessible, and not all the methods from the API. Learn how Virtusa addressed the customer’s challenge by designing a solution that uses Amazon API Gateway with IAM authentication.
Embracing DevSecOps: Building Security into Cloud-Native Development Workflows
Automation and integration are critical to producing applications with fewer flaws at a speed that won’t slow developers down. However, this is only possible with a well-planned DevSecOps program and the right tools embedded into your software development lifecycle. Dig into the importance of the digital shift and how you can implement DevSecOps into existing workflows with the combined control of Veracode’s scanning tools and AWS integrations.
How to Tokenize and De-Identify Your Data in Amazon RDS with Baffle
Baffle Data Protection Services (DPS) provides a data-centric protection layer allowing customers to tokenize, encrypt, and mask data in Amazon RDS at the column or row level, without any application code modifications while supporting a BYOK or HYOK model. Review the architecture for Baffle DPS, and walk through how to launch and test Baffle DPS from an AWS CloudFormation template with Amazon RDS databases to encrypt data at the column level.
Approaching Least Privilege – IAM Policies with Usage-Based Analytics
AWS customers are increasingly searching for new ways to manage access in a scalable way that maintains the benefits of an agile DevOps delivery model. However, the traditional and highly-manual processes for assessing and certifying access quickly demonstrates they cannot keep up with the speed of DevOps changes. Learn how PwC designs and implements baseline IAM roles for customers while leveraging usage-based analytics to identify overprivileged roles.
Using AWS CodeBuild and Bridgecrew to Prevent Misconfigurations in AWS CloudFormation and Terraform
Scanning for misconfigurations as part of your CI/CD pipeline helps maintain a solid security posture for all changed resources before provisioning them to a running environment. Learn how to integrate infrastructure as code security and compliance scanning using AWS CodeBuild and Bridgecrew, a cloud security platform for developers. Bridgecrew is generally used to find security misconfigurations and policy violations across Amazon Web Services (AWS) and in configuration frameworks.
Improving Security in the Cloud with Micro-Segmentation
Micro-segmentation is a building-block of the shared responsibility security model and makes your security measures more effective. Understanding of the shared responsibility security model is imperative for successful, secure cloud and digital transformation projects, as well as the future growth of public cloud infrastructure. Learn how implementing micro-segmentation as part of that process can help you maintain a more secure environment than simple traditional perimeter security.