UNLIMITED
Data Ah-Pee Goes GA: AWS Morning Brief for the week of June 3rd, 2019. by AWS Morning Brief18 min listen
ratings:
Length:
6 minutes
Released:
Oct 28, 2021
Format:
Podcast episode
Description
Links:
1Password University: https://blog.1password.com/introducing-1password-university/
Penetration testing: https://www.darkreading.com/cloud/pentesting-in-the-cloud-demands-a-different-approach
New AWS workbook for New Zealand financial services customers: https://aws.amazon.com/blogs/security/new-aws-workbook-for-new-zealand-financial-services-customers/
Secretive: https://github.com/maxgoedjen/secretive
TranscriptCorey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it’s nobody in particular’s job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.Corey: This episode is sponsored in part by Liquibase. If you’re anything like me, you’ve screwed up the database part of a deployment so severely that you’ve been banned from ever touching anything that remotely sounds like SQL at least three different companies. We’ve mostly got code deployment solved for, but when it comes to databases, we basically rely on desperate hope, with a rollback plan of keeping our resumes up to date. It doesn’t have to be that way. Meet Liquibase. It’s both an open-source project and a commercial offering. Liquibase lets you track, modify, and automate database schema changes across almost any database, with guardrails that ensure you’ll still have a company left after you deploy the change. No matter where your database lives, Liquibase can help you solve your database deployment issues. Check them out today at liquibase.com. Offer does not apply to Route 53.Corey: So, it’s been an interesting week in the world of AWS security, and a light one. And that’s okay. 1Password introduced 1Password University, and I’m interested in it, not because I expect to learn a whole lot that I didn’t know before about security, but because this might be able to replace my current, fairly awful Security Awareness Training.See, a lot of companies have contractual requirements to provide SAT to their staff and contractors. Most of them are terrible courses that actively push crap advice like, “Rotate your password every 60 days.” This has the potential, just based on my experiences with 1Password, to be way better than that. But we’ll see.“Things are different in the cloud,” is something of a truism, and that applies as much to penetration testing as anything else. Understanding that your provider may have no sense of humor whatsoever around this, and thus require you to communicate with them in advance, for example. There was a great interview with Josh Stella, who I’ve had on Screaming in the Cloud. He’s CEO of Fugue—that he will say is pronounced ‘Fugue’, but it’s ‘Fwage’—and he opined on this in an article I discovered, and interview, with quite some eloquence. I should really track him down and see if I can get him back on the podcast one of these days. It has been far too long.now, from the mouth of AWS Horse. There’s a New AWS workbook for New Zealand financial services customers, and that honestly kind of harkens back to school: unnecessary work that you’re paying for the privilege of completing. But it is good to be able to sit down and work through the things you’re going to need to be able to answer in a world of cloud when you’re in a regulated industry like that, and those regulations vary from country to country. You can tell where the regulations around data residency are getting increasingly tight because that’s where AWS is announcing regions.Corey: This episode is sponsored in part by something new. Cloud Academy is a training platform built on two primary goals: having the highest quality content in tech and cloud skills, and building a good community that is rich and full of IT and engineering professionals. You wouldn’t think those things go together, but sometimes they do. It’s both useful for individuals and large enterprises, but here’s what makes this something new—I don’t use that term lightly—Cloud Academy invites you to showcase just how g
1Password University: https://blog.1password.com/introducing-1password-university/
Penetration testing: https://www.darkreading.com/cloud/pentesting-in-the-cloud-demands-a-different-approach
New AWS workbook for New Zealand financial services customers: https://aws.amazon.com/blogs/security/new-aws-workbook-for-new-zealand-financial-services-customers/
Secretive: https://github.com/maxgoedjen/secretive
TranscriptCorey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it’s nobody in particular’s job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.Corey: This episode is sponsored in part by Liquibase. If you’re anything like me, you’ve screwed up the database part of a deployment so severely that you’ve been banned from ever touching anything that remotely sounds like SQL at least three different companies. We’ve mostly got code deployment solved for, but when it comes to databases, we basically rely on desperate hope, with a rollback plan of keeping our resumes up to date. It doesn’t have to be that way. Meet Liquibase. It’s both an open-source project and a commercial offering. Liquibase lets you track, modify, and automate database schema changes across almost any database, with guardrails that ensure you’ll still have a company left after you deploy the change. No matter where your database lives, Liquibase can help you solve your database deployment issues. Check them out today at liquibase.com. Offer does not apply to Route 53.Corey: So, it’s been an interesting week in the world of AWS security, and a light one. And that’s okay. 1Password introduced 1Password University, and I’m interested in it, not because I expect to learn a whole lot that I didn’t know before about security, but because this might be able to replace my current, fairly awful Security Awareness Training.See, a lot of companies have contractual requirements to provide SAT to their staff and contractors. Most of them are terrible courses that actively push crap advice like, “Rotate your password every 60 days.” This has the potential, just based on my experiences with 1Password, to be way better than that. But we’ll see.“Things are different in the cloud,” is something of a truism, and that applies as much to penetration testing as anything else. Understanding that your provider may have no sense of humor whatsoever around this, and thus require you to communicate with them in advance, for example. There was a great interview with Josh Stella, who I’ve had on Screaming in the Cloud. He’s CEO of Fugue—that he will say is pronounced ‘Fugue’, but it’s ‘Fwage’—and he opined on this in an article I discovered, and interview, with quite some eloquence. I should really track him down and see if I can get him back on the podcast one of these days. It has been far too long.now, from the mouth of AWS Horse. There’s a New AWS workbook for New Zealand financial services customers, and that honestly kind of harkens back to school: unnecessary work that you’re paying for the privilege of completing. But it is good to be able to sit down and work through the things you’re going to need to be able to answer in a world of cloud when you’re in a regulated industry like that, and those regulations vary from country to country. You can tell where the regulations around data residency are getting increasingly tight because that’s where AWS is announcing regions.Corey: This episode is sponsored in part by something new. Cloud Academy is a training platform built on two primary goals: having the highest quality content in tech and cloud skills, and building a good community that is rich and full of IT and engineering professionals. You wouldn’t think those things go together, but sometimes they do. It’s both useful for individuals and large enterprises, but here’s what makes this something new—I don’t use that term lightly—Cloud Academy invites you to showcase just how g
Released:
Oct 28, 2021
Format:
Podcast episode