As a security researcher, there are many things to keep in mind when conducting “daily routines,” if such a thing even exists. The computer science industry and related technologies are vast and nearly bottomless, there is just so much to learn that being able to cover everything wouldn’t really be realistic. Don’t get me wrong, strive to learn all that you can, but working on … [Read more...]
S3 Bucket Security: More Than ACLs and Policies
Many companies are suffering data breaches because attackers gain access to data in AWS S3 buckets. I don’t want to repeat all the news articles outlining all the S3 data breaches. A Google search will give many examples, and it seems like by the time I write this another one will be in the news. Instead, I’d like to jump to why these S3 bucket breaches are happening and how to … [Read more...]
The Insider Threat: History and Defense
In cyber security, the “Insider Threat” refers to potential actions taken by people within an organization that can cause harm, as opposed to hackers attacking from the outside. Sometimes an insider takes actions maliciously with intent to steal data or cause damage. In other cases, the insider takes actions accidentally by clicking a link or sharing information because they … [Read more...]
CloudFormation Benefits for Secure AWS Deployments
As discussed in a prior Secplicity blog post, automation can help improve security by reducing the potential for human error. Security automation includes programmatic deployments of infrastructure and applications. But how do you automate cloud deployments? If you are using AWS, CloudFormation is one of your options. CloudFormation has some features that help secure the AWS … [Read more...]
How Can Automation Improve Security?
A prior Secplicity blog post explored the potential of cloud security. Automation is one of the most important reasons to move applications to the cloud. By design, third-party cloud platforms can automate manual tasks to deploy, monitor and maintain systems. The AWS Architecting for the Cloud whitepaper explains best practices for cloud applications driven by automation. How … [Read more...]