Home The Webmail Blog

Keywords :   

Five golden rules of security planning in the AWS cloud

2020-10-19 18:17:19| The Webmail Blog

Five golden rules of security planning in the AWS cloud nellmarie.colman Mon, 10/19/2020 - 11:17   Whatever you put in the cloud, it needs to be secure from day one. When you choose Amazon Web Services (AWS), you have the confidence of knowing that AWS is securing the hardware, software, networking and facilities. But youre responsible for securing everything you put in the cloud, including: Customer data Platform, applications, identity and access management Operating system, network and firewall configuration Client-side data encryption and data integrity authentication Server-side encryption for your file systems and/or data Networking traffic protection, including encryption integrity and identity Security is a shared responsibility between you and AWS. So youve got to do your part. You cant risk exposing confidential data or being compromised, and so protection and monitoring for your AWS cloud environment is vital. In this article, I discuss the importance of security engineering through five golden rules to follow when planning and building your cloud environment  always with security in mind.   1. Security engineering should be your first step Always start with security. Once you know what youre going to do with your AWS cloud environment, but before you add data or apps, have proper security controls in place and a process that mandates that happening. There might be pressure to make things secure later too often, organizations prioritize other business goals. But unless you put security upfront, youll risk compromised environments, data loss and attacks by malicious actors  all before youve had the chance to put proper security controls in place.   2. One size does not fit all The security landscape is complex. There are many tools and ways to do things. Not every security solution or product is best suited to every environment and they all have different capabilities. You must use the most appropriate security tools and products, and adapt them to how you use your cloud environment, the data you store in it and regulatory compliance requirements. Its therefore crucial to have people on your team or partners to work with who have a thorough understanding of security and the cloud environments you use. By combining those skills, you can ensure you have proper security controls in place.   3. People are core to security engineering You need the right team in place to successfully set up a secure AWS cloud environment. But dont make the mistake of then immediately dropping people from the equation. All the cloud native tools and monitoring you set up wont be valuable if you lack teams and processes that enable you to respond to problems. Tools can tell you about whats happening in your cloud environment, but if you dont have anyone monitoring it 24x7, you risk getting compromised and losing data. So ensure your organization has a SOC-like capability to more thoroughly protect your cloud environment.   4. Security is not a one-time engagement Dont set up a secure AWS environment and think the jobs done when its only just begun. Security engineering is not a one-time engagement that occurs when you spin up a new account. It needs to evolve constantly, based on your use of the cloud. Create processes that mandate a regular review of your AWS cloud environment. Work with people who understand what youre doing with it, how your use of the cloud has changed and any new services youve started to use. Security controls and processes must then adapt accordingly.   5. The cloud is radically different from what came before Some organizations struggle when transitioning to the cloud from dedicated environments. They are used to segregating internal resources the secure environment  from the outside world by using a perimeter protection device. This provides a good level of protection in a dedicated scenario, but its not enough in the cloud. Not everything in the cloud runs on the server. You cannot protect everything with a single firewall. Your security approach must therefore be very different. Think beyond your network regarding threat detection (such as considering API calls to your cloud environment that wont necessarily go through your corporate firewall), use appropriate rather than solely familiar tools and products, and work with people who understand the threats, risks and security solutions and tools inside-out.   Security in partnership To be effective in securing your AWS cloud, you need expertise in security, the cloud environment itself, and cloud native security products all while being aware of the rapid changes in security engineering and keeping pace with such developments. This can overwhelm, which is why organizations often partner with experts in the field. Rackspace Technology is the first consulting managed security service provider (MSSP) partner for AWS Security Hub, offering consulting services for AWS cloud native security products, including around-the-clock support from certified security experts in our global Security Operations Center (SOC). Rackspace Technology believes in the core fundamentals outlined in this article: security must come first; one size does not fit all; and security engineering needs evolve over time. This is why we offer managed security services using cloud native security products, such as our Cloud Native Security solution for AWS. Our aim is to combine skills and expertise to help you achieve your security goals and protect your cloud environment. But whether you choose to partner up or handle it alone, do prioritize making sure your cloud environments are secure before its too late.   Five golden rules of security planning in the AWS cloud Keep these five golden rules of security planning in mind as you plan and build out your cloud environment. Secure your AWS environment, from day one. /managed-aws/capabilities/securityLearn how

Tags: the security planning rules


AWS Outposts: Building the new hybrid cloud

2020-10-16 19:14:39| The Webmail Blog

AWS Outposts: Building the new hybrid cloud nellmarie.colman Fri, 10/16/2020 - 12:14   Editors Note: A version of this article was originally published on the Onica blog. Businesses are embracing the cloud to drive growth, foster innovation and enhance customer experiences. But sometimes you need to keep certain workloads on-premises such as when you need low-latency access, local data processing or local data storage. In those situations, how can you tap into the benefits of the cloud, while keeping those workloads on-premises? The primary solution has been to create a hybrid environment where you connect your on-premises workloads to the public cloud. This gives you the control of on-premises, with the scalability and elasticity of the cloud, for a best-of-both-worlds solution. But AWS is taking hybrid to a new level. With AWS Outposts, AWS brings its AWS cloud to you directly into your on-premises facility or data center of your choice. From AWS infrastructure to AWS services, APIs and tools, its all included in this cloud-native approach to hybrid. A powerful hybrid enabler AWS Outposts unlocks the power of the AWS-powered platform, regardless of location, for a truly consistent hybrid experience. We call this approach, Hybrid 2.0, and its being powered by the introduction of AWS Outposts. Here are three ways we see customers using AWS Outposts for their on-premises workloads: 1. Build-once, deploy anywhere Businesses are using AWS Outposts to create application consistency. Since you get the same hardware and software infrastructure and a consistent set of services and tools across your environments you can build and run modern, cloud-native applications anywhere. This means you can develop once, and then deploy in the AWS cloud or on-premises, without compatibility issues. 2. Prepare for cloud adoption, on your terms AWS Outposts can also serve as a stepping-stone to the cloud. For example, if your infrastructure is complex and tightly woven, you can use AWS Outposts to understand how it could operate in the cloud before committing to the switch. This puts you in control. 3. Build on-premises first AWS Outposts also allows you to build portable, automated, cloud-native solutions on-premises while getting used to new programming and management models. Then, you can easily port it out to the AWS cloud, a hybrid or even an Outpost in a different local zone when youre ready. Its like having cloud-native training wheels before making the jump to putting your workloads out in the field. Start your AWS Outposts journey Learn more about AWS Outposts and whether its the right fit for you. In our on-demand webinar, Redefining Hybrid: Cloud Native On-Premises with AWS Outposts, our experts share best practices for all aspects of your AWS Outposts adoption, including pricing models, location, implementation, optimization and more.   AWS Outposts: Building the new hybrid cloudSee how AWS Outposts brings the AWS cloud into your data center redefining hybrid cloud for a cloud native world. Get to know AWS Outpostshttps://www.brighttalk.com/webcast/16423/419469Watch the webinar Amazon Web Services (AWS)Professional Services - SecuritySecurityCloud InsightsDavid BeattyAWS Outposts: Building the new hybrid cloudOctober 16, 2020

Tags: building cloud hybrid aws


DDoS attack trends in the network layer during the COVID-19 crisis

2020-10-12 19:12:38| The Webmail Blog

DDoS attack trends in the network layer during the COVID-19 crisis nellmarie.colman Mon, 10/12/2020 - 12:12   During the new era of lockdowns and shelter in place, Internet traffic has exploded, with increases of up to 50%. And cyber criminals have responded by stepping up their DDoS attacks, focusing on shorter, smaller bitrate attacks and a substantial increase in maximum attack size. Many of these attacks target the network layer in the OSI model or the network-to-network connections in which packets of data are sent back and forth using certain protocols. What this means for you is that, as the attacker sends large volumes of junk network traffic your way, your site can become slow or even inaccessible preventing users from accessing your site. This article can help you better understand DDoS attack trends in the network layer, so your security teams can be better prepared to thwart these evolving threats.   Wave of short, small attacks These days, almost anyone can launch a DDoS attack. For just around a dollar a minute, a non-technical criminal can easily wreak havoc on your business with a short, small DDoS attack. As the bar to entry lowers, more participants get into the game. This approach appears to be gaining traction. In Q1 2020, most of the attacks observed by Cloudflare were under 10 Gbps, with 64% of these coming in at less than 500Mbps. And 13.5% of all DDoS attacks throughout January to March 2020 were generated using free, publicly available Mirai code variations. Despite their small size, 10 Gbps attacks are quite effective against underprotected Internet properties. These hit-and-run attacks can easily enable criminals to extort a ransom in exchange for allowing a website to stay open for business.   Less persistence, more variety While smaller attacks are on the rise, DDoS attack persistence appears to be falling. For instance, during the holidays (Q4 2019), attackers launched up to 523 DDoS attacks in one day against a single Cloudflare IP. Then, with the onset of the COVID-19 crisis, the total volume of attacks increased. However, the average persistence rate dropped as low as 2.2 attacks per IP address per day, with a maximum of 311 attacks on a single IP. These numbers represent a 40% drop in attack persistence compared to the 2019 holiday quarter. Are attackers getting lazy? More likely there are more total attacks including smaller, shorter ones which may dilute the persistence rate.   Rolling out the big guns Despite the high volume of smaller attacks and waning persistence, larger attacks are by no means fading away. For instance, in March 2020, both attack volume and size ramped up considerably. There were 55% more attacks observed in the second half of the month versus the first half. Additionally, 94% of the attacks were as large as 300-400 Gbps in the month of March. Other data shows that the maximum duration of DDoS attacks increased up to 264% in Q1 2020 compared to Q1 2019. This is especially troubling given that a DDoS attack can cost you up to $20,000-40,000 per hour.   Threat mitigation requires agile, distributed & interconnected security Given the evolving threat landscape, DDoS prevention security must adapt to and anticipate all of these changes. Based on the trends reviewed above, a three-pronged defense works brilliantly: Agility: The time to mitigate network layer DDoS attacks should be 10 seconds or less. Detection should be fast and automatic. This mitigates the small, short attack segment.   Distribution: Distributed security architecture employs hundreds of data centers to provide full DDoS mitigation capabilities. This thwarts high-powered localized attacks, as every node is capable of repelling an attack.   Interconnectivity: Massive interconnected network capacity is the most effective way to nullify large distributed volumetric attacks. A globally distributed architecture allows for attack mitigation, of any size, close to the source.   Secure your environment Put this three-pronged defense approach to work for your organization, with Cloudflare and Rackspace Technology. Cloudflare is known for its vast network scale, integrated security, performance and reliability solutions, with easy, unified control and multicloud functionality. And with expert support from Rackspace Technology, you can unlock even more value from Cloudflare and its add-on functionality including advanced policies and features deployments for bot or SSL management, load balancing, rate limiting, analytics and more.  Rackspace Technology and Cloudflare helped TeamSnap improve security and run rates with a scalable platform to help ensure service availability during peak traffic seasons. TeamSnap now enjoys faster load times and greater security with the ability to scale on demand.    From the customer experience, we got faster load times, lower latencies, and just an overall more refined experience. Tim Soderstrom Database Administrator, TeamSnap   Get started on your journey to DDoS prevention. Start with our whitepaper, Taming the ever-evolving DDoS monster, where youll discover the three ugly heads of the DDoS monster, its growing appetite and how to slay it in the cloud.   DDoS attack trends in the network layer during the COVID-19 crisis How has the COVID-19 crisis affected the DDoS threat landscape in the network layer? Learn about critical trends and the best strategies to remain secure.Tame the ever-evolving DDoS monster.https://www.infocrunch.co/thought-leadership/taming-the-ever-evolving-ddos-monsDownload the white paper

Tags: the network trends attack


Its Black Friday every day as ecommerce booms

2020-10-09 18:33:43| The Webmail Blog

Its Black Friday every day as ecommerce booms nellmarie.colman Fri, 10/09/2020 - 11:33   Although ecommerce has been on the rise for years, the pandemic has created a surge in online shopping. In the U.S., online sales increased 42% year over year in August. And since March, shoppers have spent an extra $107 billion online. As a result, businesses are experiencing Black-Friday-level numbers on their websites every day.   Why every business is now an online business Brick and mortar challenges such as decreased foot traffic, rental prices and local economy risks are making ecommerce and its promise of a global audience with minimal overheads even more attractive to businesses. With an evolving arsenal of website tools, SaaS platforms and managed services, the barriers to entry for trading in the online world have never been lower. As businesses double down on ecommerce as a revenue stream, what risks should they be aware of? What is the best practice for navigating issues such as unpredictable traffic and vendor lock-in? How do you provide a winning digital experience for your customers? Tackling the big ecommerce questions To answer these questions, we invited three ecommerce experts on to the Cloudspotting podcast. Hosts Alex and Sai are joined by fellow Rackers Wesley Lomax, Larry Hau and Will Parsons, in this ecommerce special. Tune in to hear about the following: Customization vs. lack of flexibility figuring out your ecommerce strategy Differences in B2B and B2C ecommerce Dealing with unpredictable demand and sudden regulatory changes brought about by COVID-19 Enabling scale through automation and programmatic access Headless commerce and providing a digital experience   Opening up technology to the masses On the topic of the new ecosystem of SaaS companies, which are making ecommerce more accessible, Wesley Lomax, Digital Solutions Architect at Rackspace Technology, comments on the success of these companies. There's a bunch of WordPress plugins that have gone on to be hundred-million-dollar startups like Stripe. By solving complex problems like payment processing, these platforms have gone on to be huge, huge companies. Will Parsons, Portfolio Solutions Architect at Rackspace Technology, explains the unpredictability of the world that we're in right now from an ecommerce perspective. With Black Friday, at least you know when its going to be, and you could scale for it ideally automatically and you could at least provision for it. Now, as soon as some government advice changes, suddenly everyone needs to wear face masks. Suddenly, if you sell face masks, it's Black Friday for you.   Remaining agile from a product perspective Will continues by stressing the importance of agility. You don't know what products are suddenly going to become important. And of course, you may need to be able to pivot your business to provide those. Notice that almost all online fashion retailers are also selling designer face masks now. Whereas that wasn't the case even a few months ago. Larry Hau, Senior Product Manager at Rackspace Technology, warns of the potential drawbacks of going fully automated and not enabling interactions with customers. A lot of folks focus on an exclusively, unassisted digital sale. And they don't think about, if the customer still has questions, how do they get answers?   Its Black Friday every day as ecommerce boomsThe surge in demand for ecommerce means that online businesses are now experiencing Black Friday numbers every day. How do you keep up with the pace?Keep up with the ecommerce boom. https://cloudspotting.fireside.fm/27Listen in Ecommerce HostingPerformanceScalabilityUptimeCloud InsightsChris SchwartzIts Black Friday every day as ecommerce boomsOctober 9, 2020

Tags: day black friday ecommerce


Sites : [1]