Category: Security, Identity, & Compliance

Secure Cloud Foundation is a fully managed platform-as-a-service offering from Infosys Compaz (iCompaz), an Infosys Limited joint venture. It provides a managed platform with foundational secure landing zone capabilities, as well as application and workload hosting capabilities. Secure Cloud Foundation helps customers achieve enterprise-grade security for their workloads running on AWS. In this post, walk through typical customer cloud adoption scenarios that could leverage the Secure Cloud Foundation.

With the move to cloud, there has been a paradigm shift in how we protect our most valuable asset—data. Learn the importance of building a complete and accurate risk profile, which consists of your identity and data relationships. You’ll also learn how it’s critical to protect the sensitive, private, and confidential data. Sonrai Dig graphically maps all of your identities and determines their effective permissions, allowing you to get to least privilege across your entire AWS environment.

As organizations continue to adopt AWS, their risk footprint increases from both an infrastructure and network perspective as it relates to compliance posturing, configuration risk, and network threats. Explore the integration between AWS and Secure Cloud Analytics, a SaaS-delivered Network Detection (NDR) offering from Cisco that monitors multi-cloud and hybrid environments for threats and policy violations and provides comprehensive visibility for any environment.

MongoDB Atlas is the global cloud database service for modern applications, and in this post learn how to configure MongoDB Atlas to authenticate using AWS Single Sign-On (AWS SSO). Instead of having to sign in separately to MongoDB Atlas Control Plane, with this configuration enabled users can access the MongoDB Atlas user interface with their corporate credentials using AWS SSO. This delivers a better user experience without the need for managing separate sets of credentials.

Virtusa recently received a requirement to make an application programming interface (API) accessible across another AWS account. The API was an internal-only API hosted in a private subnet, and could be accessed only from within the network. The requirement also stipulated Virtusa make only a few read-only (Get) methods accessible, and not all the methods from the API. Learn how Virtusa addressed the customer’s challenge by designing a solution that uses Amazon API Gateway with IAM authentication.

As part of adopting a multi-tenant SaaS model, a key challenge is how to provide strong tenant isolation in a cost effective and scalable manner. Being able to effectively isolate your tenants is an important part of a multi-tenant system. Learn how dynamic policy generation gets applied as part of the overall isolation story of your SaaS solution, and follow along with AWS reference implementation to demonstrate how to use dynamically generated policies in code.

Automation and integration are critical to producing applications with fewer flaws at a speed that won’t slow developers down. However, this is only possible with a well-planned DevSecOps program and the right tools embedded into your software development lifecycle. Dig into the importance of the digital shift and how you can implement DevSecOps into existing workflows with the combined control of Veracode’s scanning tools and AWS integrations.

Many enterprise customers improve project security by segregating individual projects, or project environments like DEV or PROD, in separate AWS accounts. Mapping each project or project environment to a unique account provides a clear and easy way to maintain security boundaries and built-in cost accounting. Learn about EGlobalTech’s project-per-account model for accounts that enables users to seamlessly move between their AWS accounts and roles.

Baffle Data Protection Services (DPS) provides a data-centric protection layer allowing customers to tokenize, encrypt, and mask data in Amazon RDS at the column or row level, without any application code modifications while supporting a BYOK or HYOK model. Review the architecture for Baffle DPS, and walk through how to launch and test Baffle DPS from an AWS CloudFormation template with Amazon RDS databases to encrypt data at the column level.

AWS customers are increasingly searching for new ways to manage access in a scalable way that maintains the benefits of an agile DevOps delivery model. However, the traditional and highly-manual processes for assessing and certifying access quickly demonstrates they cannot keep up with the speed of DevOps changes. Learn how PwC designs and implements baseline IAM roles for customers while leveraging usage-based analytics to identify overprivileged roles.