AWS Partner Network (APN) Blog
Category: Security, Identity, & Compliance
How to Implement Object-Based Authorization in Serverless Applications Using Amazon Cognito
When building a complex web service such as a serverless application, sooner or later you must deal with permission control. Amazon Cognito is a powerful authentication and authorization service managed by AWS and is often combined with Amazon API Gateway and AWS Lambda to build secure serverless web services. Through the blueprint of an AWS Lambda authorizer, learn how to implement object-based authorization in serverless applications on AWS.
Automated Cloud Network Threat Detection and Response with Blue Hexagon and AWS
VPC traffic mirroring and VPC ingress routing are powerful AWS networking primitives to monitor network traffic in your VPC at the packet level. With Blue Hexagon’s next-gen Network Detection and Response (NG-NDR) security tool for AWS, which is powered by real-time deep learning, you can detect threats in network headers and payloads in less than a second. The additional AWS Security Hub integration enables you to trigger a rich action space of remediation and response.
Maintaining Control of PII Hosted on AWS with Hold Your Own Key (HYOK) Security
One of the biggest challenges in moving to the cloud for organizations that collect and process personally identifiable information (PII) is the fundamental change to the trust model. SecuPi minimizes changes to the trust model and reduces the risk associated with digital transformations. Learn how SecuPi can help you collect and process sensitive or regulated PII and reduce barriers to cloud adoption while satisfying the trust model requirements of even the most conservative and risk-averse companies.
How HeleCloud Used AWS Secrets Manager to Automate Credentials Rotation of MS SQL on Amazon EC2
HeleCloud combines AWS Secrets Manager and the AWS Systems Manager Run Command into a solution that automatically rotates secrets for databases running on Amazon EC2. In addition to automatically rotating your secrets, it allows you to access them in applications running on Amazon EKS. Learn about the HeleCloud solution and walk through the code snippets and steps required to set up automatic credentials rotation of MS SQL Server running on Amazon EC2.
AWS Managed Security Services Partners Can Help Implement, Test, and Manage Your Perimeter Security Protection
AWS Shield Advanced provides 24×7 access to the AWS DDoS Response Team (DRT) for real-time response to impacting events. For customers that lack the resources to maintain this optimal application security posture, AWS has launched a new Perimeter Protection Managed Security Services Provider (MSSP) program that enables AWS Partners to develop and deliver a fully managed Security Operations Center (SOC) for AWS Shield Advanced, AWS WAF, and AWS Firewall Manager.
How to Enhance the Security and Compliance of Cloud Architectures with Datacom and AWS Services
Security and compliance governance is one of the most challenging problems organizations face when managing their cloud infrastructure. After years of working with AWS, Datacom Group has observed that each client has their own industry-specific security and compliance requirements. What’s needed is a solution that is flexible enough to cater to diverse customer requirements. Datacom’s governance solution is flexible and can integrate with a number of AWS native services to offer enhanced capabilities.
How ClearDATA Enforces Data Locality with AWS IAM Permission Boundaries
For healthcare organizations bound by regulations that require privacy, security, and compliance protections for sensitive healthcare data, ClearDATA provides the peace of mind of automation-forward technology and industry-leading, HITRUST-certified, healthcare-exclusive expertise. Learn how ClearDATA Comply uses the IAM permission boundary feature to automate restricting access to specific AWS regions.
How to Upgrade Large Windows 2008 R2 Workloads in Place
Upgrading legacy systems to the cloud can seem daunting and time-consuming, but with the right combination of AWS Systems Manager, AWS Directory Service, and a few simple AWS Lambda functions, you can upgrade from your outdated Windows environments flawlessly, seamlessly, and at scale. Learn how you can run an in-place upgrade of your Windows 2008 R2 production instances to Windows 2019 R2, and how to control instance tagging so you can orchestrate the root volume replacement process.
Isolating SaaS Tenants with Dynamically Generated IAM Policies
Many SaaS organizations leverage AWS Identity and Access Management (IAM) to define a series of policies and roles that can be used to ensure tenants are not allowed to cross tenant boundaries when accessing resources. To make this work, you have to create separate policies for each tenant, which can create an explosion of tenant policies that push the account limits of IAM. Learn how dynamic policy generation creates a more scalable and manageable isolation experience.
Deploying DevSecOps on Amazon EKS with Aqua Security – Part 2
Aqua Security was built to redefine security and help you address the security skills gap in a rapidly evolving cloud-native landscape, automating security controls at the speed of DevOps. Unlike traditional security, cloud-native security cannot adopt a one-size-fits-all approach. It has to be seamlessly integrated with the existing processes and organizational culture, as well as the technology. Learn how to implement a DevSecOps pipeline using AWS CodePipeline and Aqua Platform.