By now everyone has heard of the cloud and how it is revolutionizing the computer industry. Most companies are either in the process of migrating to the cloud or planning a cloud migration. The public cloud allows companies, big and small, to host their applications in virtual servers at a lower cost than a traditional data center. According to the 2017 RightScale State of the Cloud Report the top reason companies are interested in the cloud is cost savings.
DevSecOps is the philosophy of integrating security practices within the DevOps process. Similar to DevOps, DevSecOps seeks to achieve greater efficiency and productivity through team collaboration, but the DevSecOps approach incorporates security principles.
When will companies learn how to properly protect their data? Starting with Target and Yahoo in 2013, Sony and OPM in 2014, Ashley Madison in 2015, the Democratic National Committee in 2016, Equifax in 2017 and now Marriott and Quora back-to-back to cap off 2018, data breaches are becoming a mainstay in the news. It begs the question: what are so many of these organizations missing?
And if it can happen to companies with big budgets like these, then how can a mid-market or small business be expected to keep up?
Even for someone who works with Amazon Web Services (AWS) on a daily basis, the pace and scale of new announcements coming from AWS can be daunting. For example, in 2016, AWS made 640 announcements covering a range of topics from price drops, new services, and even new features to existing services. We are only three-quarters of the way through 2017 and AWS has already exceeded that number and still going strong with re:Invent (Amazon's annual conference for all things AWS, with features keynote announcements, training and certification opportunities) still six weeks away.
Now that most have recovered from the hangover of the PetyaWrap ransomware attacks, it is Monday morning quarterback time. PetyaWrap was not a new ransomware with a zero day vulnerability, but rather a combination of three common vectors of attack that companies do not always take seriously. But securing your assets go beyond just your servers (aka EC2 instances); you also need to ensure your AWS Account is equally as secure.
The three-tier architecture pattern has been an established best practice for decades. By separating infrastructure into layers, each is inherently more secure and flexible. In the cloud, the same design principles apply. This article focuses on the core principles of the three-tier web application architecture pattern on AWS, including availability zones, load balancers, route tables, gateways, autoscaling groups, and databases.
Tagging in AWS is a foundational practice that enhances visibility, cost control, and operational efficiency across your cloud environment. Whether managing a single application or a vast multi-account architecture, implementing a consistent tagging strategy enables better governance, automation, and cost accountability.
