by Stephen Kuenzli | Feb 5, 2020 | AWS, Cloud, DevOps, Risk, Security, Systems
Cloud deployments often use tagging to describe the context of a compute or resource such as a who owns or what application a virtual machine or object storage bucket belongs to. However, the common resource tagging models in use don’t describe the context... 
by Stephen Kuenzli | Jan 31, 2020 | Cloud, Risk, Security, Systems
Reading Time: 6 minutes The current crop of Best Practice tagging schemes and recommendations don’t describe the context required for people or tools to assess security or manage risk easily. But I never explained why risk management is important nor how to... 
by Stephen Kuenzli | Jan 27, 2020 | Cloud, DevOps, Security
Shift Left, Photo by Nick Fewings I hit an obstacle on my way to extending the common resource tagging models with context to describe security and risk attributes. I couldn’t get past that while I feel this should be a settled engineering practice, it... by Stephen Kuenzli | Jan 21, 2020 | AWS, Cloud, Security
Operating applications involving more than a few components without explicitly modeled contextual clues is difficult for humans and might be impossible for tools. This is especially true when people are a couple steps removed such as is often the case when analyzing... by Stephen Kuenzli | Jan 15, 2020 | AWS, Cloud, DevOps, Security
I’m researching how engineers assess the security posture of their Cloud deployments and evaluate risk to those deployments so they can improve it. Reading Time: 10 minutes The research starts with these questions: What’s the hardest part about assessing... 