AWS Government, Education, & Nonprofits Blog

Tag: security

Episode 3: Building Secure Code

Writing code and deploying an application can expose you to security vulnerabilities. This means your security woes don’t end after architecting. This post reviews common application security vulnerabilities, as well as how to build, test, and deploy code to catch vulnerabilities early.

Read More

Episode 2: Securing Your App’s Infrastructure

Before a developer can commit their first line of code, they must think about the security of their application. With a move toward a DevSecOps culture, security is not solely the job of the security team – in the same way that infrastructure and deployment are not the sole responsibilities of the operations team. Developers should partake in both operations and security, as they know their own application best. This blog outlines a framework for thinking about security for your app’s infrastructure and how AWS’ product features can address those concerns.

Read More

Twitch Episode 1: Getting Started With Secure App Dev: Job 0

Security is job zero at Amazon Web Services (AWS). What should that mean to you as a new user of the AWS Cloud? How does it translate to a regulated environment, such as healthcare, government, education, or financial services? Securing your AWS account is the first place to start.
How you set up your account depends on your organization. It’s possible your account was created for you by your central IT organization, using AWS Control Tower or AWS Organizations. If that’s the case, some of the below may have already been done for you. The following can serve as a helpful check as you get started.

Read More

Secure, citizen-centric cloud services: AWS awarded PROTECTED certification in Australia

The Australian Cyber Security Centre (ACSC) has awarded PROTECTED certification to AWS. This is currently the highest data security certification available in Australia for cloud providers on the Certified Cloud Services List (CCSL). With this new certification, public sector organisations can easily store their most highly sensitive workloads in the AWS Cloud.

Read More

How to Apply the U.S. Department of Homeland Security’s Continuous Diagnostics and Mitigation Programs on AWS

Continuous Diagnostics and Mitigation (CDM) is an important part of the federal government’s cybersecurity strategy, and it’s getting a boost in visibility since the House passed the Advancing Cybersecurity Diagnostics and Mitigation Act (H.R. 6443). Among other things, this Act directs the U.S. Department of Homeland Security (DHS) to develop and provide the capability to collect, analyze, and visualize government-wide information relating to security data and cybersecurity risks and to make these program capabilities available for use by any federal agency.

Read More

The Five Ways Organizations Initially Get Compromised and Tools to Protect Yourself

Over the years, many organizations’ on-premises IT infrastructure has been compromised. Often times, organizations are left defending infrastructure, data, and people without understanding who is attacking them and why. But the sliver lining is that attackers often use the same tactics to try to initially compromise their targets. Knowing the ways that attackers try to get a foothold in your environment can help you defend it better.

Read More

Don’t Discount the Value of Innovation

Over the years, I have talked to thousands of customers about security and compliance topics. Many of these conversations revolved around specific security controls customers were interested in, or assurances about how specific cloud services are managed, or whether a cloud service complies with a specific regulation. Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) tend to be focused on maximizing control and visibility – and for good reasons. But with the focus on security controls and compliance requirements, one important topic rarely gets discussed: innovation. Overlooking the value of innovation to an organization, and the value of the pace of innovation, can be a serious ROI miscalculation.

Read More

Casting the Vote for the Cloud

Choice and self-determination are cornerstones of our nation’s democratic process. Come election night, we might not all root for the same candidates, but there’s one point we can all rally around – the need for modernization and the role of the cloud in powering U.S. elections.

Read More