AWS Security Best Practice #7: Use IAM Roles with STS AssumeRole

We are more than half way through the top ten, so let's finish up the IAM discussion before jumping into some of the top...

Ten Ways to Develop a Rugged DevOps Approach to Cloud Security

There is no single path to a Rugged DevOps approach that works for every organization, but there are key principles and...

Why Security Remains the Achilles Heel of Cloud Deployments

Even though companies are moving to the cloud in droves to take advantage of the proven cost benefits and flexibility of...

Is Your Cloud Future-Proof?

At AWS Summit in New York City, Amazon CTO Werner Vogels talked about the top six cloud trends in his keynote...

Can Regulated Industries Like Healthcare Find Security in the Cloud?

A recent article in Talkin Cloud took a look at a study by Elastica on Healthcare Industry Cloud Data Breaches. The...

LastPass Hacked — What’s The Security Impact?

Yesterday, LastPass announced to their users and the public that their service was hacked. At this early...

Richard Stiennon and Tim Prendergast Talk Cloud Security Trends

Richard Stiennon, Chief Research Analyst at IT Harvest sat down with Evident.io CEO Tim Prendergast to talk...

Compliance is Hard – Tales from ChefConf 2015

What an awesome experience ChefConf 2015 was! I've been to every single ChefConf, and I have to say, I learn more and...

The Marriage of DevOps and SecOps

The rise of cloud computing brings many exciting changes to the technology industry: elastic scalability of resources,...

AWS Security Best Practice #6: Rotate all the Keys Regularly

In the previous article, we had a pretty deep discussion on how and why to limit privilege in the AWS IAM service....

AWS Security Best Practice #5: Least Privilege

In the previous post in this series, I discussed a great way for EC2 instances to be able to use AWS services securely,...

AWS Security Best Practice #4: Use Roles for EC2

By now, you're getting the theme that security on AWS is all about being proactive. The point of proactive security is...