CLOUD SECURITY ARCHITECTURE
The key to creating a cloud security architecture strategy is to obtain tangible business requirements, including security policies and legal and regulatory requirements, integrate them into the overall strategy, and map them end to end with every artefact. Of equal importance is the integration with the organisation's current processes, including, for example, the classification policies and […]
AWS Certificate Manager Private Certificate Authority | ACM PCA
If you’re not already using ACM PCA, then you should be. AWS has some of the best thought-out and best-implemented cryptographic controls available. Leveraging ACM PCA will enable you to provision end-to-end TLS channels beyond the ELB (ALB and NLB). This is a managed service from AWS which works excellently, no more […]
AWS SECURITY GROUPS
There is absolutely no excuse for getting Security Groups wrong. Security Groups should be used correctly and planned before anything is deployed into AWS. Configure security group rules to permit ONLY necessary traffic based upon the actual component(s) you are protecting. Ensure rules are configured to specific ranges and are not overly permissive. Don’t use […]
THIRD PARTY SECURITY ASSESSMENT
How much do you trust your third-party providers? Can you, and do you, have sufficient assurance? This is an information security risk assessment designed to validate the information security controls in place when using third parties, verifying whether appropriate controls and processes are in place to protect information. The first of the two […]
DON'T EXPOSE YOUR SECRETS
GOOGLE: ext:pem intext:BEGIN RSA PRIVATE KEY ext:txt inurl:gov intext:”Content-Type: text/…