Using AWS KMS Custom Key Store with CloudHSM to Encrypt Your Data

Using AWS KMS Custom Key Store with CloudHSM to Encrypt Your Data

I tend to follow cloud security news closely these days, particularly anything related to data encryption. That’s why one of the AWS re:Invent announcements that was of most interest to me actually occurred at the beginning of the conference, before the first keynote. Amazon Web Services announced the general availability of KMS custom key store, allowing users of AWS CloudHSM to take advantage…

View On WordPress

Shhh... Can You Keep A Secret? A First Look at AWS Secrets Manager

Shhh… Can You Keep A Secret? A First Look at AWS Secrets Manager

It’s no secret (pun intended) that cybersecurity is big news these days. On a daily basis, we are hearing about data breaches, leaked personal information and stolen passwords. Many of these incidents are centered around mismanagement of credentials such as improper storage of encryption keys, databases with default or no password for the admin account and access keys stored in application source…

View On WordPress

Data Encryption in the Cloud, Part 4: AWS, Azure and Google Cloud

Data Encryption in the Cloud, Part 4: AWS, Azure and Google Cloud

Due to the length of this blog post (20 pages), I’ve decided to make it available as a downloaded PDF which you can grab here. But I suggest reading the first section of this page before switching to the PDF if you plan to do so. I’ve written previously about the role of data encryption as a critical component of any company’s security posture and the potential pitfalls of not using encryption…

View On WordPress

Encrpyting Your Data in the Cloud, Part 3: Key Management and Key Generation

Encrpyting Your Data in the Cloud, Part 3: Key Management and Key Generation

This is part 3 of a blog series on encrypting data at rest in the Cloud. My first post argued for why data encryption should be a critical component of any company’s security posture. I then followed up with a blog post that walked through the basics of encryption. Moving on, we want to focus on Key Management, including Key Generation. Key Management Previously, I mentioned Kerkchoffs’ Principle…

View On WordPress

Encrypting Your Data in the Cloud, Part 2: Encryption 101

Encrypting Your Data in the Cloud, Part 2: Encryption 101

Data encryption was big news in 2017 but not in a way IT professional would have hoped. It’s ascendancy in the public conscience came about due to the proliferation of a type of malware attack called ransomware. This attack leverages standard data encryption technology to digitally hold user and company data hostage for ransom. So ironically, a solution designed to thwart malicious actors has…

View On WordPress

Data Encryption in the Cloud, Part 1: Why You Should Care

This is reprinted from my post on the Rubrik blog site but does not contain any Rubrik specific details. The post is intended to provide vendor-agnostic information. Data Breaches Are Trending While IT security in 2018 has been dominated with news about CPU vulnerabilities, we may very well look back on 2017 as the year of online data breaches and cloud data leaks. From stolen consumer data due…

View On WordPress

AWS 301: Creating A Custom Virtual Private Cloud (VPC) – Security

AWS 301: Creating A Custom Virtual Private Cloud (VPC) – Security

If you haven’t yet, I recommend reading the other posts in this series before proceeding. AWS 101: Learning About Regions and Availability Zones AWS 202: Learning About Default VPC AWS 301: Creating A Custom Virtual Private Cloud (VPC) – Networking In my previous blog post, I started to walk us through the process of creating a custom Virtual Private Cloud (VPC). Now that we have our VPC…

View On WordPress

AWS 301: Creating A Custom Virtual Private Cloud (VPC) - Networking

AWS 301: Creating A Custom Virtual Private Cloud (VPC) – Networking

A while back, I wrote a blog post walking through the components of a default AWS Virtual Private Cloud (VPC). Now that I am at Rubrik and have more freedom to continue, I will go through how to create a custom VPC. If you are new to AWS and have not read my previous posts on the AWS global infrastructure and on the default AWS VPC, I recommend doing so since they serve as the foundations for…

View On WordPress

My Next Chapter: Something Old... Something New

My Next Chapter: Something Old… Something New

Some friends recently remarked that I have been usually quiet on my blog and even on social media the past couple of months. However, that is about to change with what I am announcing today. The TL:DR: As of today, I am a Technical Marketing Engineer at Rubrik. Before I get into why I decided to join Rubrik, I want to express my gratitude to Rackspace, who taught me the true meaning of Fanatical…

View On WordPress

Thoughts On The AWS Outage

Thoughts On The AWS Outage

Tuesday, February 28th, was a bad day for AWS and for AWS users who relied on the US-East-1 Region in Northern Virginia to run their business and/or to serve their customers. I won’t rehash what happened but readers can get details on the outage in this TechTarget article. And yes, I know Amazon did not officially classify it as an outage, but it was effectively so for many users. As expected,…

View On WordPress

AWS 201: Learning About Default VPC

AWS 201: Learning About Default VPC

To set the stage for explaining Amazon Web Services Virtual Private Clouds, I previously walked through AWS Regions and Availability Zones in another blog post. With that as the foundation, we can start taking a look at the concept of a Virtual Private Cloud and how it enables advanced networking capabilities for your AWS resources. Virtual Private Cloud, aka VPC, is defined by AWS as a “virtual…

View On WordPress

AWS 101: Learning About Default VPC

AWS 101: Learning About Default VPC

To set the stage for explaining Amazon Web Services Virtual Private Clouds, I previously walked through AWS Regions and Availability Zones in another blog post. With that as the foundation, we can start taking a look at the concept of a Virtual Private Cloud and how it enables advanced networking capabilities for your AWS resources. Virtual Private Cloud, aka VPC, is defined by AWS as a “virtual…

View On WordPress

AWS 101: Learning About Regions and Availability Zones

AWS 101: Learning About Regions and Availability Zones

In their most most recent earnings call, Amazon reported that their Amazon Web Services division has reached a $14.2 billion run rate. As impressive as that is, AWS and the entire cloud market still only represents a small slice of the total IT budget worldwide. In fact while IDC projects the Public Cloud to be a ~$200 billion market by 2020, it also projects the total IT budget in 2020 to be…

View On WordPress

The AWS Love/Hate Relationship with Data Gravity

The AWS Love/Hate Relationship with Data Gravity

I received the e-mail above from Amazon Web Services after recently signing up for another test account. The e-mail had me thinking about the impact of data gravity on AWS, both positively and negatively. For those who are new to the term, data gravity is a concept first coined by Dave McCrory, current CTO of Basho. It refers to the idea that “As Data accumulates (builds mass) there is a greater…

View On WordPress

Starting Something New: The Learning AWS Blog

Starting Something New: The Learning AWS Blog

The Learning AWS Blog I believe we are still in the early days of public cloud adoption and most users are just starting to learn what platforms like AWS can do for them. My goal with this new blog is to provide a destination for those who are new to AWS and seeking to learn. Since I am one of those who still have much to learn about AWS myself, I have found that the best way for me to learn…

View On WordPress

AWS re:Invent 2016 Second Keynote Recap: We Are All Transformers

AWS re:Invent 2016 Second Keynote Recap: We Are All Transformers

If you are interested, please click here to read my AWS re:Invent Tuesday Night Live with James Hamilton recap and here to read my AWS re:Invent 2016 First Keynote Recap. After a whirlwind of product announcements from CEO Andy Jassy the previous day, it was time for Werner Vogels, CTO of Amazon Web Services, to take the stage. Sporting a Transformers t-shirt, Vogels talked about AWS’s role in…

View On WordPress

AWS re:Invent 2016 First Keynote Recap: Andy Jassy Is Your Shazam

AWS re:Invent 2016 First Keynote Recap: Andy Jassy Is Your Shazam

Click here to read my Tuesday Night Live with James Hamilton recap from AWS re:Invent 2016. I grew up watching a TV show called Shazam! which was based on a comic I also read by the same name. The main protagonist was a superhero called Captain Marvel, who was given his superpowers by a wizard named Shazam. Captain Marvel used the power of Shazam to fight evil and to help save the human race. At…

View On WordPress