O'Reilly's Automating Security in the Cloud

Issue link: https://resources.threatstack.com/i/872576


The results of all of these rule invocations (which you can think of as compliance checks) are recorded and tracked on a per-resource basis and then made available to you in the AWS Management Console. You can also access the results in a report-oriented form, or via the Config API. Below is an example of the Config Rules which are set up in an AWS customer account:

Software Configuration

AWS Config enables you to record software configuration changes within your managed instances, including EC2 instances in your AWS account and virtual machines (VMs) or servers in your on-premises environment or in an environment provided by other cloud providers. With AWS Config you gain visibility into operating system configurations, system-level updates, installed applications, network configuration and more. AWS Config provides a history of OS and system-level configuration changes alongside infrastructure configuration changes recorded for EC2 instances. You can assess whether your managed instances are compliant with your guidelines and policies using AWS Config Rules. The deep visibility and continuous monitoring capabilities provided by AWS Config allow you to assess your security posture and troubleshoot operational issues. You can also track configurations of specific components inside your managed instances, dive into noncompliant items, and quickly identify undesired configurations through the AWS Config console.

Segregation of Duties (SOD) in the cloud

SOD is a fundamental building block for managing the risk of internal fraud and error by requiring different people to perform different tasks in order to complete a business process. Organizations operate in an environment where roles and tasks are proliferating, business processes are rapidly changing, and the regulatory environment never stops evolving. This has made managing and enforcing SOD principles a growing challenge for most organizations on-premises today. Furthermore, many organizations may not realize the need to extend SOD management beyond their traditional operational processes on-premises to their use of cloud. With today's data-driven workflows running across hybrid IT environments, using automated prevent, detect and auto-

28 | Chapter 4: Cloud Computing Foundational Security Leading Practices
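The AWS Config passage above says rule results are tracked per resource and can be read through the Config API; the sketch below rolls such results up into one compliance state per resource. It is an added example, not code from the book: it assumes records shaped like the EvaluationResults entries of GetComplianceDetailsByConfigRule, and the sample data, rule names, helper names and the SEVERITY ordering are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

def _result(rule, rtype, rid, compliance, recorded):
    """Build one constructed record in the Config API EvaluationResult shape."""
    return {
        "EvaluationResultIdentifier": {"EvaluationResultQualifier": {
            "ConfigRuleName": rule, "ResourceType": rtype, "ResourceId": rid}},
        "ComplianceType": compliance,
        "ResultRecordedTime": datetime.fromisoformat(recorded),
    }

# Constructed sample data: rule names, resource IDs and times are made up.
SAMPLE_RESULTS = [
    _result("encrypted-volumes", "AWS::EC2::Volume", "vol-0aaa", "NON_COMPLIANT", "2017-09-01T09:00:00"),
    _result("encrypted-volumes", "AWS::EC2::Volume", "vol-0aaa", "COMPLIANT", "2017-09-01T10:00:00"),
    _result("required-tags", "AWS::EC2::Instance", "i-0bbb", "COMPLIANT", "2017-09-01T10:00:00"),
    _result("approved-ami", "AWS::EC2::Instance", "i-0bbb", "NON_COMPLIANT", "2017-09-01T10:05:00"),
    _result("required-tags", "AWS::EC2::Instance", "i-0ccc", "INSUFFICIENT_DATA", "2017-09-01T10:00:00"),
]

# Assumption of this example: the worst state wins, and "unknown" outranks "compliant".
SEVERITY = {"NOT_APPLICABLE": 0, "COMPLIANT": 1, "INSUFFICIENT_DATA": 2, "NON_COMPLIANT": 3}

def latest_per_rule(results):
    """Keep only the most recent evaluation for each (resource, rule) pair."""
    latest = {}
    for r in results:
        q = r["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
        key = (q["ResourceType"], q["ResourceId"], q["ConfigRuleName"])
        if key not in latest or r["ResultRecordedTime"] > latest[key]["ResultRecordedTime"]:
            latest[key] = r
    return latest

def rollup(results):
    """Return {(type, id): {"state": worst state, "failing": [rule names]}}."""
    out = defaultdict(lambda: {"state": "NOT_APPLICABLE", "failing": []})
    items = sorted(latest_per_rule(results).items(), key=lambda kv: kv[0])
    for (rtype, rid, rule), r in items:
        entry = out[(rtype, rid)]
        state = r["ComplianceType"]
        if SEVERITY[state] > SEVERITY[entry["state"]]:
            entry["state"] = state
        if state == "NON_COMPLIANT":
            entry["failing"].append(rule)  # rules to investigate for this resource
    return dict(out)

if __name__ == "__main__":
    for (rtype, rid), entry in rollup(SAMPLE_RESULTS).items():
        print(rtype, rid, entry["state"], entry["failing"])
```

A resource whose only results are INSUFFICIENT_DATA is reported as such rather than as compliant, so unevaluated resources stay visible in the rollup.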
