Tag: security

Cloud security at AWS is the highest priority. AWS customers benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. We listen closely to our customers to offer both a secure cloud computing environment and innovative security services that satisfy the security and compliance needs of the most risk-sensitive organizations.

AWS GovCloud (US) isn’t just for government agencies – U.S. commercial companies in aerospace, defense manufacturing, law enforcement, healthcare, financial services, and energy with regulated workloads, sensitive data, and export-controlled data rely on AWS GovCloud (US) to modernize IT. Learn more during next week’s AWS Compliance Week. Themed “Achieving Cloud Compliance and Security in the AWS Cloud,” AWS solutions architects will discuss in five webinars how customers can meet cloud security and compliance challenges using AWS GovCloud (US).

Writing code and deploying an application can expose you to security vulnerabilities. This means your security woes don’t end after architecting. This post reviews common application security vulnerabilities, as well as how to build, test, and deploy code to catch vulnerabilities early.

Before a developer can commit their first line of code, they must think about the security of their application. With a move toward a DevSecOps culture, security is not solely the job of the security team – in the same way that infrastructure and deployment are not the sole responsibilities of the operations team. Developers should partake in both operations and security, as they know their own application best. This blog outlines a framework for thinking about security for your app’s infrastructure and how AWS’ product features can address those concerns.

Security is job zero at Amazon Web Services (AWS). What should that mean to you as a new user of the AWS Cloud? How does it translate to a regulated environment, such as healthcare, government, education, or financial services? Securing your AWS account is the first place to start.
How you set up your account depends on your organization. It’s possible your account was created for you by your central IT organization, using AWS Control Tower or AWS Organizations. If that’s the case, some of the below may have already been done for you. The following can serve as a helpful check as you get started.

The Australian Cyber Security Centre (ACSC) has awarded PROTECTED certification to AWS. This is currently the highest data security certification available in Australia for cloud providers on the Certified Cloud Services List (CCSL). With this new certification, public sector organisations can easily store their most highly sensitive workloads in the AWS Cloud.

Continuous Diagnostics and Mitigation (CDM) is an important part of the federal government’s cybersecurity strategy, and it’s getting a boost in visibility since the House passed the Advancing Cybersecurity Diagnostics and Mitigation Act (H.R. 6443). Among other things, this Act directs the U.S. Department of Homeland Security (DHS) to develop and provide the capability to collect, analyze, and visualize government-wide information relating to security data and cybersecurity risks and to make these program capabilities available for use by any federal agency.

Over the years, many organizations’ on-premises IT infrastructure has been compromised. Often times, organizations are left defending infrastructure, data, and people without understanding who is attacking them and why. But the sliver lining is that attackers often use the same tactics to try to initially compromise their targets. Knowing the ways that attackers try to get a foothold in your environment can help you defend it better.

Over the years, I have talked to thousands of customers about security and compliance topics. Many of these conversations revolved around specific security controls customers were interested in, or assurances about how specific cloud services are managed, or whether a cloud service complies with a specific regulation. Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) tend to be focused on maximizing control and visibility – and for good reasons. But with the focus on security controls and compliance requirements, one important topic rarely gets discussed: innovation. Overlooking the value of innovation to an organization, and the value of the pace of innovation, can be a serious ROI miscalculation.

Choice and self-determination are cornerstones of our nation’s democratic process. Come election night, we might not all root for the same candidates, but there’s one point we can all rally around – the need for modernization and the role of the cloud in powering U.S. elections.