Category: Security, Identity, & Compliance

As organizations continue to adopt AWS, their risk footprint increases from both an infrastructure and network perspective as it relates to compliance posturing, configuration risk, and network threats. Explore the integration between AWS and Secure Cloud Analytics, a SaaS-delivered Network Detection (NDR) offering from Cisco that monitors multi-cloud and hybrid environments for threats and policy violations and provides comprehensive visibility for any environment.

MongoDB Atlas is the global cloud database service for modern applications, and in this post learn how to configure MongoDB Atlas to authenticate using AWS Single Sign-On (AWS SSO). Instead of having to sign in separately to MongoDB Atlas Control Plane, with this configuration enabled users can access the MongoDB Atlas user interface with their corporate credentials using AWS SSO. This delivers a better user experience without the need for managing separate sets of credentials.

Virtusa recently received a requirement to make an application programming interface (API) accessible across another AWS account. The API was an internal-only API hosted in a private subnet, and could be accessed only from within the network. The requirement also stipulated Virtusa make only a few read-only (Get) methods accessible, and not all the methods from the API. Learn how Virtusa addressed the customer’s challenge by designing a solution that uses Amazon API Gateway with IAM authentication.

As part of adopting a multi-tenant SaaS model, a key challenge is how to provide strong tenant isolation in a cost effective and scalable manner. Being able to effectively isolate your tenants is an important part of a multi-tenant system. Learn how dynamic policy generation gets applied as part of the overall isolation story of your SaaS solution, and follow along with AWS reference implementation to demonstrate how to use dynamically generated policies in code.

Automation and integration are critical to producing applications with fewer flaws at a speed that won’t slow developers down. However, this is only possible with a well-planned DevSecOps program and the right tools embedded into your software development lifecycle. Dig into the importance of the digital shift and how you can implement DevSecOps into existing workflows with the combined control of Veracode’s scanning tools and AWS integrations.

Many enterprise customers improve project security by segregating individual projects, or project environments like DEV or PROD, in separate AWS accounts. Mapping each project or project environment to a unique account provides a clear and easy way to maintain security boundaries and built-in cost accounting. Learn about EGlobalTech’s project-per-account model for accounts that enables users to seamlessly move between their AWS accounts and roles.

Baffle Data Protection Services (DPS) provides a data-centric protection layer allowing customers to tokenize, encrypt, and mask data in Amazon RDS at the column or row level, without any application code modifications while supporting a BYOK or HYOK model. Review the architecture for Baffle DPS, and walk through how to launch and test Baffle DPS from an AWS CloudFormation template with Amazon RDS databases to encrypt data at the column level.

AWS customers are increasingly searching for new ways to manage access in a scalable way that maintains the benefits of an agile DevOps delivery model. However, the traditional and highly-manual processes for assessing and certifying access quickly demonstrates they cannot keep up with the speed of DevOps changes. Learn how PwC designs and implements baseline IAM roles for customers while leveraging usage-based analytics to identify overprivileged roles.

Scanning for misconfigurations as part of your CI/CD pipeline helps maintain a solid security posture for all changed resources before provisioning them to a running environment. Learn how to integrate infrastructure as code security and compliance scanning using AWS CodeBuild and Bridgecrew, a cloud security platform for developers. Bridgecrew is generally used to find security misconfigurations and policy violations across Amazon Web Services (AWS) and in configuration frameworks.

Micro-segmentation is a building-block of the shared responsibility security model and makes your security measures more effective. Understanding of the shared responsibility security model is imperative for successful, secure cloud and digital transformation projects, as well as the future growth of public cloud infrastructure. Learn how implementing micro-segmentation as part of that process can help you maintain a more secure environment than simple traditional perimeter security.