Security Basics mailing list archives

Re: RE: AWS and security

From: savvy95 () gmail com
Date: Tue, 10 Jul 2012 20:36:30 GMT

Hi Guys,

There are 3 models - Software, Platform and Infrastructure (as a service). You can mix and match depending on your
comfort level, whether technical, risk or regulatory.

Though the service providers are in a Multi-Tenent environment, the trade off is scalability, broad network access,
Rapid Elasticity, Measured Service and On-Demand Self Service.

A good starting point to answer your underlying questions of it's viability in your situation try this: Hi Guys,

There are 3 models - Software, Platform and Infrastructure (as a service). You can mix and match depending on your
comfort level, whether technical, risk or regulatory.

Though the service providers are in a Multi-Tenent environment, the trade off is scalability, broad network access,
Rapid Elasticity, Measured Service and On-Demand Self Service.

A good starting point to answer your underlying questions of it's viability in your situation try this:
https://cloudsecurityalliance.org/csaguide.pdf

The attacks you mention are against customers and not AWS themselves. So it's no less secure than your current scenario.

When companies move into The Cloud, they are forced to put Security as a high priority; but when the data is "closer to
home" the feeling is erroneously that it's more secure. New technology is a learning curve.

Good luck. Keep us posted as to your decision and why?

Glen Victor
CISSP, ITIL, C|EH, MCT

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Re: AWS and security, (continued)
- Re: AWS and security Warner Tabor (Jul 10)
  - RE: AWS and security Mikhail A. Utin (Jul 10)
    - Re: AWS and security Warner Tabor (Jul 10)
  - Message not available
    - Message not available
    - Message not available
    - Re: AWS and security Warner Tabor (Jul 16)
    - KMS Jude Cwalenski (Jul 16)
    - Re: KMS Florian Rommel (Jul 16)
    - RE: KMS Michael Sturtz (Jul 16)
    - Re: KMS Ansgar Wiechers (Jul 16)
    - Message not available
    - Re: KMS Ansgar Wiechers (Jul 16)
- Re: AWS and security ShiYih Lye (Jul 10)
- Re: RE: AWS and security savvy95 (Jul 10)