Category: Security

Amazon Web Services is teaming with RightScale and HyperStratus to deliver a webinar on cloud security. In survey after survey, and just about everywhere I travel, potential cloud computing users mention security as their number one concern. This webinar presents a set of best practices to ensure security for applications running in the Amazon Web Services (AWS) environment using the RightScale management platform with HyperStratus application integration.

Come and learn application security best practices from Bernard Golden, CEO of HyperStratus; Michael Crandell, CEO of RightScale; and yours truly (Steve Riley), Sr. Technical Program Manager at Amazon Web Services. Topics include:

• The three crucial layers of security in a cloud computing environment
• How Amazon Web Services ensures a secure infrastructure throughout its cloud computing environment
• How RightScale implements a management and monitoring framework to ensure consistent application of security policies throughout an application deployment
• Best practices from HyperStratus that integrate applications with the infrastructure and monitoring framework to ensure the highest possible level of application security
• How to address the five key areas of application security configuration to prevent unauthorized access and poor data security in cloud environments

Register now!

> Steve <

In January I wrote about the availability of a conceptual whitepaper describing various scenarios for using Windows ADFS to federate with services running on Amazon EC2 and mentioned that a step-by-step guide was forthcoming. I’m very pleased to announce that the guide is now finished and available for download. To give you a flavor for what you can learn by following the steps in the guide, I’ll quote from its introduction:

This document provides step-by-step instructions for creating a test lab demonstrating identity federation between an on-premise Windows Server Active Directory domain and an ASP.NET web application hosted on Amazons Elastic Compute Cloud (EC2) service, using Microsofts Active Directory Federation Services (ADFS) technology. The document is organized in a series of scenarios, with each building on the ones before it. It is strongly recommended that the reader follow the documents instructions in the order they are presented. The scenarios covered are:

1. Corporate application, accessed internally: Domain-joined Windows client (i.e. in the corporate office) accessing an Amazon EC2-hosted application operated by same company, using ADFS v1.1.
2. Corporate application, accessed from anywhere: External, not-domain-joined client (i.e. at the coffee shop) accessing the same EC2-hosted application, using ADFS v1.1 with an ADFS proxy. In addition to external (forms-based) authentication, the proxy also provides added security for the corporate federation server.
3. Service provider application: Domain-joined and external Windows clients accessing an EC2-hosted application operated by a service provider, using one ADFS v1.1 federation server for each organization (with the service providers federation server hosted in EC2) and a federated trust between the parties.
4. Service provider application with added security: Same clients accessing same vendor-owned EC2-hosted application, but with an ADFS proxy deployed by the software vendor for security purposes.
5. Corporate application, accessed internally (ADFS 2.0): Domain-joined Windows client accessing EC2-based application owned by same organization (same as Scenario 1), but using the currently-in-beta ADFS 2.0 as the federation server and the recently-released Windows Identity Foundation (WIF) .NET libraries on the web server.

We hope you find this information useful and that it helps to simplify migrating existing applications or developing entirely new solutions that leverage the power of Amazon EC2 with your existing internal IT environment.

> Steve <

Good day, everyone. The Software and Information Industry Association (SIIA) is hosting a webinar about cloud security on Tuesday 19 January 2010 at 12:30 PM EST/9:30 AM PST. I’m one of the panelists. Here’s a brief blurb and a list of the participants:

Please join us if you can!

> Steve <

Good day, everyone. I’m Steve Riley. In July 2009 I joined the AWS evangelism team. I spent my first few months absorbing information about all our offerings and am now getting back on the road again, speaking at various events and user groups and meeting with customers. I came from Microsoft, where I was in the telecommunications consulting practice for three years and in the Trustworthy Computing group for seven. I was a global security evangelist there and also worked closely with our chief security officer and enterprise security architect communities. I’m continuing that work here at Amazon Web Services, concentrating on enterprise deployment of cloud computing, all things cloud security, and of course the Windows Server aspects of our offerings.

I’m very excited to be part of AWS. The cloud is the future, and I look forward to meeting many of you and working together. As with all of us on the team, I’m here to help you succeed. More information in the links below.

• My personal blog — information security, cloud computing, travel, music, politics
• My Twitter
• I also watch and respond to the AWS Twitter
• Our LinkedIn group
• My old Microsoft blog — Windows security, security process and practice
• My book — Protect Your Windows Network
• A biography

> Steve <

Mark time in your calendars for a cloud security webinar co-presented by Amazon Web Services and enStratus on Wednesday October 7, 2009 at 11:30 AM – 12:15 PM Central Time US.

Sign up today

Public cloud computing has evolved into a mainstream approach for building out components of an IT infrastructure. Cost saving opportunities make the development of a public cloud strategy absolutely critical. Even before taking on pilot projects in the cloud, however, you should have a solid understanding of the security implications and opportunities in public cloud computing. Amazon Web Services and enStratus have teamed up for this webinar detailing how businesses moving into the cloud can understand the security issues in public cloud computing and how to secure a public cloud infrastructure.

Among the most critical components in cloud security is transparency from your cloud providers. AWS has built out an infrastructure and established processes to mitigate common vulnerabilities and offer a safe compute and storage environment. enStratus operates outside of the AWS cloud, watching over its operations, and keeping your authentication and encryption credentials safe outside the cloud while encrypting the data inside the cloud both in transit and at rest.

Steve Riley from AWS and George Reese from enStratus will discuss common cloud security concerns and show you how to take advantage of the security features AWS and enStratus provide you to build a secure public cloud infrastructure.

Key Learnings

• How does AWS protect its infrastructure and, by extension, your data?
• What can you do with tools like enStratus to further protect your data?
• How can you use enStratus to protect your data from third-party subpoenas or subpoenas targeted at AWS?
• How can I manage user access to my AWS infrastructure?
• What issues impact compliance with various standards/regulations in the AWS cloud?

Speakers

George Reese, O’Reilly cloud computing author and CTO for enStratus, a leading cloud management platform.

Steve Riley, Sr. Technical Program Manager for Amazon Web Services.

>> Steve <<