As part of securing your AWS account, make sure you have strict controls over who can create custom encryption keys for AWS resources. A bad actor with access to your account can create their own encryption keys, encrypt your AWS resources and later hold them for ransom. This protection should be part of a larger security policy that limits access to resources using IAM and …
Author: mhonner
AWS – Assess, Audit and Evaluate
At last count AWS has over 200 services. Under AWS’s shared responsiblity model, you are responsible for ensuring each service is configured securely. That’s a big job. AWS Config allows you to create a baseline best practice model and track changes to your configuration over time – especially valuable if you have a team of developers with access to AWS for solutions develoment. Config notifies, …
How secure are the applications you’ve deployed to the Cloud ?
Cloud infrastructures such as AWS, Google and Azure are highly secure and comply with the strictest standards in infrastructure and software development practices, such as ISO 20001, PCI-DSS Level1 and HIPAA. So, what does that mean to an organization building and deploying their own software in the cloud? Not much. You are ensured that their infrastructure is secure not your software. This is what is …
C and Windows – Ouch!
I programmed in C for Windows in the late 90’s. C programming for windows was very difficult. I had inherited a large Cash Management and General Ledger system (200k + lines of code) from the previous team. That team had not been trained in C and their previous work was Cobol programming for an IBM mainframe. They were great programmers, but brought over the the …