#NoDrama DevOps
By QualiMente
RSA Conference 2020: A DevOps Perspective
I attended two and a half days of the RSA security conference last week and I'd like to share my first-timer perspective with you. Summary: The opening keynote challenged Information Security to reorganize to collaborate better with users, business, risk, and IT teams....
Computing a Risk Estimate using Netflix’s riskquant
This post computes a realistic annual loss estimate in dollars for an ecommerce application using the riskquant tool that models the distribution of possible impacts and probabilities appropriately.
Modeling Risk in Cloud Deployments
Information Security risks are those risks "that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations, organizational assets, individuals, other...
Modeling Security in Cloud Deployments
Cloud deployments often use tagging to describe the context of a compute or resource, such as who owns or what application a virtual machine or object storage bucket belongs to. However, the common resource tagging models in use don't describe the context required...
Assessing and Managing Information Security Risks
The current crop of Best Practice tagging schemes and recommendations don't describe the context required for people or tools to assess security or manage risk easily. But I never explained why risk management is important nor how to assess...
Research: Problems Engineers have Securing Cloud Deployments and ‘Shift Left’
I hit an obstacle on my way to extending the common resource tagging models with context to describe security and risk attributes. I couldn't get past that while I feel this should be a settled engineering practice, it isn't....
The context people and tools need to work with your Cloud
Operating applications involving more than a few components without explicitly modeled contextual clues is difficult for humans and might be impossible for tools. This is especially true when people are a couple steps removed such as is often the case when analyzing...
Research: Problems with top free security assessment tools (2020q1)
I'm researching how engineers assess the security posture of their Cloud deployments and evaluate risk to those deployments so they can improve it. The research starts with these questions: What's the hardest part about assessing and improving...
Understanding risk using top free AWS Security tools
Most free security assessment tools for AWS will only go so far as highlighting potential risk areas — assessing risk is up to you.
About #NoDrama
Learn how to design, build, and operate systems in the Cloud one day and concept at a time. A few times a week, Stephen Kuenzli will share his thoughts on building robust systems, architecting for and migrating to AWS, and using DevOps and engineering practices to manage complexity and deliver safely.