Fortress in the Cloud

As modern applications grow more complex and valuable, their security becomes increasingly critical. Yet many organizations still operate with a flat security model—one breach and attackers gain access to everything. This approach is like building a house with a reinforced front door but paper-thin walls. How can you improve your application security to reduce your risk of attack? Use isolation zones. Isolation zones aren’t just a best practice—it’s the difference between

Who’s Responsible? Understanding the Principle of Shared Responsibility

Both you and your cloud provider have a critical role in keeping your application safe. It’s a principle of security known as the Principle of Shared Responsibility. It describes a model for assigning ownership of various security aspects between the cloud provider and you. It’s a principle that has been championed heavily by AWS, but it applies to all cloud providers in all situations. The key to the principle is an agreed-upon set of responsibilities for keeping the application sa

Don’t let your services become Trojan Horses

Cloud-native applications make heavy use of services and microservice architectures. Distributed applications provide many benefits to modern application development processes and lend themselves particularly well to applications deployed in the public cloud. But microservices can also create additional and unwanted vulnerability points that bad actors can leverage to compromise your application. A single compromised service, no matter how small, can lead to vulnerabilities that can be exploit

Don’t let your services become Trojan Horses

Cloud-native applications make heavy use of services and microservice architectures. Distributed applications provide many benefits to modern application development processes and lend themselves particularly well to applications deployed in the public cloud. But microservices can also create additional and unwanted vulnerability points that bad actors can leverage to compromise your application. A single compromised service, no matter how small, can lead to vulnerabilities that can be exploit

Identity, trust, and their role in modern applications

In the software world, identity is the mapping of a person, place, or thing in a verifiable manner to a software resource. Whenever you interact with nearly anything on the internet, you are dealing with identities: Facebook identity Email address Login name and password for a website Everyone has multiple identities—multiple ways that people know who you are and interact with you in the virtual world. Here are a few of my identities: Twitter: @leeatchison LinkedIn: leeatchison Em