Encryption has come a long, long way over the last few years. Something once reserved only for militaries and governments, encryption has been made super accessible and has become standard practice in the tech industry. Whether it’s texts, photos, or word docs - it can, and should, be encrypted. Put simply, encryption scrambles any file sent or stored online into unreadable nonsense that can only be translated (or decrypted) by a user with a key.

This blog is part of a series on how to provide identity-based access to AWS resources. In the first tutorial, we saw how to set up an identity-aware AWS bastion host using the OSS solution, Teleport. In this blog, we will expand the scenario to use a single-sign-on (SSO) authentication mechanism to issue certificates to specific groups of users to access AWS resources.

Cloud computing has emerged as the go-to organizational workload choice because of its innate scalability and flexibility. However, cloud computing still comes with some security risks. Examining cloud security is an important part of adopting this new technology. Presently, cloud-native security is experiencing changes and innovations that help address security threat vectors.

By 2023, over 500 million digital apps and services will be developed and deployed using cloud native approaches. To put that in perspective, more applications will be developed on the cloud in a four-year period (2019-2023) than the total number of apps produced in the past 40 years. Clearly, organizations are buying into the cloud. But the question is: Do they fully understand it? And do they know how to secure the applications they built within it?

In the business of security, linking performance metrics to strategy has become an accepted best practice. If strategy is the blueprint for building a security operations center (SOC), metrics are the raw materials. But there is a catch: a security organization can easily lose sight of its strategy and instead focus strictly on the metrics that are meant to represent it.

Every organization has tons of sensitive information stored in the cloud. The unanticipated surge in remote work resulted in an increase in the amount of information stored in the cloud. According to TechJury, 67% of enterprise infrastructure is cloud-based. However, with organizations allowing employees to use both business and personal devices at work, the attack surface has expanded, increasing opportunities for threat actors to target vulnerable devices.

As developers, we need maximum visibility of what’s actually running in our cloud environments, in order to keep them secure. Infrastructure as code (IaC) helps developers automate their cloud infrastructures, so what’s deployed to the cloud is under control and can easily be audited. But achieving and maintaining 100% IaC coverage of your infrastructure has many challenges.

“In its current CWS offering, the vendor has great CSPM capabilities for Azure, including detecting overprivileged admins and enforcing storage least privilege and encryption, virtual machine, and network policy controls.” – The Forrester Wave™: Cloud Workload Security, Q1 2022 CrowdStrike is excited to announce we have been named a “Strong Performer” in The Forrester Wave:™ Cloud Workload Security, Q1 2022.