k9 helps Cloud teams improve security policies and accelerate delivery processes with usable automation and audit tools.
We’re making these tools simple and economical to adopt so you don’t have to compromise on security engineering.
In November, k9 released resources to help you educate your team, automate secure data management, and adopt k9 easily.
Integrate Security Into Delivery Process
In the Mission Impossible: DevSecOps talk at Big Mountain Data & Dev (video & slides), we uncovered the major problems teams experience when integrating information security into continuous delivery processes (spoiler: it’s not ‘human error’) and the common solutions to those problems you can apply with your teams.
The talk shows how Cloud teams integrate security into delivery processes to create feedback loops that manage risks effectively. Design security controls so they (actually) collect and incorporate information feedback. Feedback is critical to realizing effective security control processes. No feedback, no control.
This presentation was tailored for the conference’s Big Data audience and has also been delivered in other forums. The latest iteration dives into the components of an effective process control loop. If you’d like a private presentation for your team, contact us.
AWS Marketplace
k9 Security Team is now available in AWS Marketplace, enabling Cloud teams to:
- procure k9 simply and quickly through AWS
- scale adoption up (and down) one account at a time, paying only for what you use, when you need it
- pricing is $55 per AWS account per month
The setup process has been enhanced so CloudFormation securely reports all configuration data to k9 automatically.
Purchase & configuration process: https://k9security.io/purchase-k9-security-team/
S3 & KMS Policy Improvements
The k9 Security Terraform S3 and KMS modules now generate a more precise least privilege resource policy, enabling AWS services the access most engineers expect. The k9 policy generators are designed to be used or integrated with your existing Terraform code. k9 Support is happy to help you do that.
An example of a supported use case is encrypting all data in a DynamoDB table with a k9 KMS policy. This could be used to implement an ‘encrypt all data with a key for a functional domain‘ design. The DenyEveryoneElse statement is now scoped to the owning account (example policy). This allows DynamoDB to use the key for encryption and backups, but still closes off access from IAM principals in the account that are not explicitly permitted.
Additional improvements:
- improved support for allowing access to IAM principals using wildcards for both S3 & KMS
- KMS policy now automatically includes access for the account’s root user
Interested in trying k9?
We are happy to help get you going and prove k9’s value by improving a couple IAM, S3, or KMS security policies in your environment. Reply or contact us and we’ll get you going with a demo or setup.
Stephen
Founder, k9 Security
Recent Comments