Category: Security, Identity, & Compliance

Many enterprise customers improve project security by segregating individual projects, or project environments like DEV or PROD, in separate AWS accounts. Mapping each project or project environment to a unique account provides a clear and easy way to maintain security boundaries and built-in cost accounting. Learn about EGlobalTech’s project-per-account model for accounts that enables users to seamlessly move between their AWS accounts and roles.

Baffle Data Protection Services (DPS) provides a data-centric protection layer allowing customers to tokenize, encrypt, and mask data in Amazon RDS at the column or row level, without any application code modifications while supporting a BYOK or HYOK model. Review the architecture for Baffle DPS, and walk through how to launch and test Baffle DPS from an AWS CloudFormation template with Amazon RDS databases to encrypt data at the column level.

AWS customers are increasingly searching for new ways to manage access in a scalable way that maintains the benefits of an agile DevOps delivery model. However, the traditional and highly-manual processes for assessing and certifying access quickly demonstrates they cannot keep up with the speed of DevOps changes. Learn how PwC designs and implements baseline IAM roles for customers while leveraging usage-based analytics to identify overprivileged roles.

Scanning for misconfigurations as part of your CI/CD pipeline helps maintain a solid security posture for all changed resources before provisioning them to a running environment. Learn how to integrate infrastructure as code security and compliance scanning using AWS CodeBuild and Bridgecrew, a cloud security platform for developers. Bridgecrew is generally used to find security misconfigurations and policy violations across Amazon Web Services (AWS) and in configuration frameworks.

Micro-segmentation is a building-block of the shared responsibility security model and makes your security measures more effective. Understanding of the shared responsibility security model is imperative for successful, secure cloud and digital transformation projects, as well as the future growth of public cloud infrastructure. Learn how implementing micro-segmentation as part of that process can help you maintain a more secure environment than simple traditional perimeter security.

When building a complex web service such as a serverless application, sooner or later you must deal with permission control. Amazon Cognito is a powerful authentication and authorization service managed by AWS and is often combined with Amazon API Gateway and AWS Lambda to build secure serverless web services. Through the blueprint of an AWS Lambda authorizer, learn how to implement object-based authorization in serverless applications on AWS.

VPC traffic mirroring and VPC ingress routing are powerful AWS networking primitives to monitor network traffic in your VPC at the packet-level. With Blue Hexagon’s next-gen Network Detection and Response (NG-NDR) security tool for AWS, which is powered by real-time deep learning, you can detect threats in network headers and payloads in less than a second. The additional AWS Security Hub integration enables you to trigger a rich action space of remediation and response.

One of the biggest challenges in moving to the cloud for organizations that collect and process personally identifiable information (PII) is the fundamental change to the trust model. SecuPi minimizes changes to the trust model and reduces the risk associated with digital transformations. Learn how SecuPi can help you collect and process sensitive or regulated PII and reduce barriers to cloud adoption while satisfying the trust model requirements of even the most conservative and risk-averse companies.

HeleCloud combines AWS Secrets Manager and the AWS Systems Manager Run Command into a solution that automatically rotates secrets for databases running on Amazon EC2. In addition to automatically rotating your secrets, it allows you to access them in applications running on Amazon EKS. Learn about the HeleCloud solution and walk through the code snippets and steps required to set up automatic credentials rotation of MS SQL Server running on Amazon EC2.

AWS Shield Advanced provides 24×7 access to the AWS DDoS Response Team (DRT) for real-time response to impacting events. For customers that lack the resources to maintain this optimal application security posture, AWS has launched a new Perimeter Protection Managed Security Services Provider (MSSP) program that enables AWS Partners to develop and deliver a fully managed Security Operations Center (SOC) for AWS Shield Advanced, AWS WAF, and AWS Firewall Manager.