Tuesday, May 22, 2018

AWS Bill Shock & Root Account Security

TLDR

  1. Your AWS root account email must NOT point to a specific person's email ID.
  2. NEVER ever share your AWS root user credentials with anyone.
  3. Do NOT use root user for day to day operations.
  4. DO Activate MFA (multi-factor authentication) on your root account.

P.S. There can be a dozen reasons for a bill shock. The objective of this article is to fix some of the basic root account security anti-patterns (for beginners). I’ve focused on Root Account security as most beginners tend to take its security for granted. As the Root Account has unrestricted access, any breach with root credentials will have a large (yes, unlimited) blast radius!

Cloud Bill Shock Lightning

Google it & you may come across 100s of instances where cloud service accounts of various individuals/companies have been misused by new age cyber pirates (euphemistically called Crypto Miners / Bitcoin Farmers).

Without an iota of doubt, AWS offers you unlimited capacities protected with state-of-the-art security practices. However, consider your bank has an excellent security practice and a perfectly secured website but can it prevent your account from an online robbery if you go on sharing your internet banking Sign-in User-Id and Password with others?

Ignorance is Bliss?

Maybe that’s true to some extent in real life. However, in the online world ignorance will be punished sooner rather than later. Cybersecurity is only as strong as your weakest link - and the weakest link most of the time is YOU (& your employees). Bot exploits, where hackers run bots to look for Access Keys in repository hosting services, are quite common & reported on a regular basis.

Over the last few weeks, I started consulting for a few startups & SMEs who have recently migrated to AWS or have newly created an account & are about to migrate. A few clients were more than willing to share their root user credentials without a second thought. A few are innocent enough to believe that, as they're yet to deploy any of their assets (source code, data etc.) to the newly created account, there's no risk even if the credentials are compromised!

It seems not everyone is aware of the risk that their credentials can be misused by launching 100s of high-end virtual machines which can easily lead you to a staggering 5 figure bill within a day!

The security & compliance on AWS (or for that matter any cloud platform) works on the shared responsibility model. As per this model, the global AWS cloud infrastructure is secured by Amazon, but OS level security, firewall configurations & more importantly the application level security are solely your responsibility.

Security Anti-Patterns in AWS Account Management

(Yes! the most popular ones with the beginners)

1. Your root account email (i.e. AWS sign-up email) should not point to a specific person's email ID.

Best Practice: First & foremost, sign up for AWS with an email alias – this disconnects the account from an individual user’s mailbox. The alias should point to a team distribution list address (i.e. multiple persons can receive alerts when Amazon is trying to warn you via email in case of a breach). Apart from being a security best practice, this arrangement also helps you when the employee (with the root account email) quits the organization.

Although the root user email points to an alias (distribution list), at any point in time, only a single person should have the credentials to sign in. Others simply receive the emails and can inform the person responsible for root account handling in case of an emergency.

2. Root account & other high privilege user accounts are NOT activated with MFA (Multi-factor Authentication).

3. Sharing root account credentials with a 3rd party or even with your own employees.

4. Having a single AWS account with unrelated teams (or business objectives).

5. Not setting up the AWS billing alerts.

6. Using a weak password for the Root Account.

7. Not using IAM at all.

8. Not applying an IAM password policy. This means that you'll definitely have many IAM users with weak passwords without any expiration.

9. Not following the principle of least privilege while assigning permission for IAM users.

10. Tying up the Root Account MFA to a personal mobile phone. (It’s a dependency. What if the person quits the company?)
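
Several of the anti-patterns above (root MFA not activated, IAM not used, a missing or weak password policy) can be checked from the data the IAM API returns. The following is an added example, not code from the original article: the 14-character threshold and the sample accounts are assumptions made for illustration, and the root access key check extends the list with the "do not use root for day to day operations" point from the TLDR.

```python
MIN_PASSWORD_LENGTH = 14  # assumed threshold for this example, not from the article
COMPLEXITY_KEYS = (
    "RequireUppercaseCharacters",
    "RequireLowercaseCharacters",
    "RequireNumbers",
    "RequireSymbols",
)


def audit_account(summary, password_policy):
    """Return a list of (finding_id, message) tuples.

    summary: the SummaryMap dict from iam.get_account_summary()
    password_policy: the PasswordPolicy dict from
        iam.get_account_password_policy(), or None when no policy is set
    """
    findings = []
    if summary.get("AccountMFAEnabled", 0) != 1:
        findings.append(("root-mfa", "MFA is not activated on the root account"))
    if summary.get("AccountAccessKeysPresent", 0) != 0:
        findings.append(("root-access-keys", "Root user has access keys"))
    if summary.get("Users", 0) == 0:
        findings.append(("no-iam-users", "IAM is not used: no IAM users exist"))
    if password_policy is None:
        findings.append(("no-password-policy", "No IAM password policy is applied"))
        return findings
    if password_policy.get("MinimumPasswordLength", 0) < MIN_PASSWORD_LENGTH:
        findings.append(("password-too-short", "Minimum password length is too low"))
    if not password_policy.get("MaxPasswordAge"):
        findings.append(("password-no-expiry", "IAM passwords never expire"))
    missing = [key for key in COMPLEXITY_KEYS if not password_policy.get(key)]
    if missing:
        findings.append(("password-weak-complexity",
                         "Policy does not enforce: " + ", ".join(missing)))
    return findings


def fetch_live():
    """Collect both inputs from a real account (needs boto3 and IAM read access)."""
    import boto3  # imported lazily so the offline demo below runs without it
    iam = boto3.client("iam")
    summary = iam.get_account_summary()["SummaryMap"]
    try:
        policy = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        policy = None  # the account has never set a password policy
    return summary, policy


# Constructed sample inputs (not taken from any real account).
FRESH_ACCOUNT = (
    {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1, "Users": 0},
    None,
)
WEAK_POLICY_ACCOUNT = (
    {"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 0, "Users": 12},
    {"MinimumPasswordLength": 6, "RequireNumbers": True,
     "RequireLowercaseCharacters": True},
)
HARDENED_ACCOUNT = (
    {"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 0, "Users": 12},
    {"MinimumPasswordLength": 14, "MaxPasswordAge": 90,
     "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
     "RequireNumbers": True, "RequireSymbols": True},
)

if __name__ == "__main__":
    samples = {"fresh": FRESH_ACCOUNT, "weak policy": WEAK_POLICY_ACCOUNT,
               "hardened": HARDENED_ACCOUNT}
    for name, (summary, policy) in samples.items():
        print(name)
        for finding_id, message in audit_account(summary, policy):
            print(f"  [{finding_id}] {message}")
```

Billing alerts and the ownership of the root MFA device are not visible through these two API calls and still need a manual check.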

So, what's the Best Way to Share your AWS Account with a Consultant?

For startups & smaller organizations, at times it may happen that you don't have the essential in-house competency to look into, say, why your billing has suddenly spiked (cost optimization) or whether your team is following the best security practices, or you may have Scaling or Performance issues which you want to be sorted out with external help. Or simply, you may wish to go for a review of your overall AWS architecture and want to bring in an external partner or independent AWS consultant for the task. So, what's the best way to go ahead till the required trust is built between you and the consultant?

One way which most of you may suggest (& practice) is to present your AWS console via a screen sharing application (Skype / Hangout / TeamViewer / GoToMeeting etc.). Well, this can work out to some extent but it does have a few limitations like:

What if the consultant wants to refer to the architecture/console again after the meeting? Also, this approach requires a lot of coordination between your team and the consultant as both need to be present at the same time (even if it is remotely done).

IMO, the simplest, most efficient and secure way to start working with an independent consultant is to:

1. Share a Read-Only Access - The consultant can look into your architecture but CAN NOT CHANGE anything over there. For you, it hardly takes 5 minutes to set up a Read-Only IAM user via the AWS console.

Here's a simple stepwise article to follow if you've not done it before.

Additionally, if there’s an S3 bucket in your account which has confidential information then it’s recommended that you assign an explicit deny policy for that bucket for that IAM user.

P.S. Similarly, if you want to provide Billing Dashboard access to a consultant for cost optimization then you can follow the steps mentioned in this article.

2. Share a Cross Account Access - Setting this up is definitely NOT as simple as the first approach. It requires more effort and a little more understanding of the AWS console. In this approach, the consultant can sign in to his own account and access your account from there without any need for sharing credentials. You can define whatever permission you wish to grant to the consultant.

Here's a stepwise guide from Amazon support.
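
How the explicit deny on a confidential bucket interacts with read-only access, and the trust policy behind cross-account access, as an added example (not from the original article or the linked guides). The bucket name, account ID, external ID and the trimmed read-only policy are constructed for illustration, the external ID condition is an extra safeguard the article does not mention, and the evaluator is a simplified model of IAM's rule that an explicit deny overrides any allow.

```python
import fnmatch
import json

CONFIDENTIAL_BUCKET = "example-confidential-bucket"  # hypothetical bucket name

# Simplified stand-in for the AWS managed policy ReadOnlyAccess (the real one
# covers far more services); constructed for this example.
READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:Describe*", "s3:Get*", "s3:List*", "iam:Get*", "iam:List*"],
        "Resource": "*",
    }],
}


def deny_bucket_policy(bucket):
    """Explicit deny on every S3 action for one bucket and the objects in it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyConfidentialBucket",
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def cross_account_trust_policy(consultant_account_id, external_id):
    """Trust policy for a role the consultant assumes from their own account."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{consultant_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource):
    # IAM action names are case-insensitive; resource ARNs are case-sensitive.
    action_ok = any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
                    for pattern in _as_list(stmt["Action"]))
    resource_ok = any(fnmatch.fnmatchcase(resource, pattern)
                      for pattern in _as_list(stmt["Resource"]))
    return action_ok and resource_ok


def evaluate(policies, action, resource):
    """Simplified IAM decision: explicit deny beats allow, no match means deny."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _statement_matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit-deny"
            allowed = True
    return "allow" if allowed else "implicit-deny"


# The same two permission policies fit a read-only IAM user or a cross-account role.
CONSULTANT_POLICIES = [READ_ONLY, deny_bucket_policy(CONFIDENTIAL_BUCKET)]

if __name__ == "__main__":
    print(json.dumps(deny_bucket_policy(CONFIDENTIAL_BUCKET), indent=2))
    print(json.dumps(cross_account_trust_policy("111122223333", "example-id"), indent=2))
    checks = [
        ("ec2:DescribeInstances", "arn:aws:ec2:us-east-1:444455556666:instance/i-0abc"),
        ("ec2:RunInstances", "arn:aws:ec2:us-east-1:444455556666:instance/*"),
        ("s3:GetObject", f"arn:aws:s3:::{CONFIDENTIAL_BUCKET}/payroll.csv"),
        ("s3:GetObject", "arn:aws:s3:::example-public-assets/logo.png"),
    ]
    for action, resource in checks:
        print(f"{evaluate(CONSULTANT_POLICIES, action, resource):14} {action} {resource}")
```

Read-only access on its own still lets the consultant read objects in the confidential bucket; the deny statement is what closes that gap.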

Is security still an afterthought for your organization?

It should NOT be. Are you following any of the above anti-patterns? If yes, go ahead & fix them before it's too late. Make security a day-zero job - fix it now.


Tuesday, February 6, 2018

5 Branding Mistakes That May Down Your Profits

Be it a startup, a small enterprise, or even the big shots of the business world, all require consistent branding. Branding is like painting a picture of your business for the world to see, through which prospective clients will judge your product, service, loyalty and everything else that matters. So, it’s essential to include the right colours coupled with perfect strokes and timely touch-ups, making sure your brand identity never goes out of style.

Branding is important, as it portrays everything that your brand is or aspires to become in future. Such is the power of branding that if all the right notes are hit, one doesn’t need to bother about the competitors.

What does branding do for you, and how does it actually benefit a business?


· It creates trust in people's minds for your product or service
· Gets you a loyal customer base
· Intrigues prospective customers towards your business
· Brings in unquestionable goodwill
· Helps employees stay focused on company's goals, as they are very well understood


Being such an essential aspect of business makes branding a tricky subject, as one wrong move can push your profits down the hill. The history of the business world is stocked with examples where companies like Pepsi and Guess have incurred millions of dollars of losses due to a branding blunder. While the well-established pay for their mistakes in millions, startups and small businesses can be killed forever as a result of unchecked poor branding.


Therefore, when a big business house makes a branding mistake, it pays for it in money and bad publicity. But very soon it is seen back in the race with the same level of energy, thanks to all the right things done in the past and a strong customer base. The best example that fits the situation is Maggi, which was banned in India by the government on account of detection of unhealthy substances. After a ban of a few months, when Maggi came out clean it was back in the game, all thanks to the strong customer base that it has created over the decades.


However, when a startup commits a branding mistake, it is not forgotten quickly and many times never. Do you know 9 out of 10 startups fail?  Marketing studies show that customers cut-off from a brand if their initial customer service experience is unpleasant. So, they need to be a little more cautious than their established counterparts.

Helping you in this tricky branding game, here are five mistakes that should never be committed. Check them out and make sure your brand never suffers on account of a branding blunder.

1. Start right; rushing would do no good


This is an important point to be considered by all startups planning to land in the business field. Marketing experts suggest that a business should build its brand over a solid foundation; that is, before starting off with the whole branding process, create a firm setup. It can be in the form of a website, social media, or offline means.

Brands are often seen jumping straight into marketing with a hope that it will catch up instantly. As expected, it never happens, and as a result, all efforts go down the drain.

Do the necessary market research, competitor’s analysis, perseverance, and create innovative strategies. A brand is built over a period, and once established it’s difficult to alter. So, take time, think it through as customers will recognise your product via its brand image.


2. Focus on your target audience

A product or service cannot suit all; it has to have some restriction in regard to its client base. It is crucial for a startup to understand this factor. It is always wise to do some research and figure out your favourable customer base.

Businesses that fail to zone it down end up with massive losses and many times incur irreversible damages. Don’t think about pleasing all, instead focus your branding to a set audience. With a focused goal, you’ll be able to engage your audience better, and as an advantage, via right publicity, your product or service acquires more clientages.

It is often seen that business adopt wait and watch practice, wherein they wait for the response and then work on future strategies. Though experimentation is necessary every once in a while when the business is in its initial phase, you should work on creating a brand around the target audience.


3. Not sticking to core brand essentials

We have long been talking about creating a brand, how it is vital for business success and lastly the mistakes that should be avoided. But in this process, let's talk about the essential elements, or we can say the defined guidelines for creating a brand. Though it’s true that a business should not stick to rules and should be innovative, a few essentials form the base of every brand campaign:

· Create a visual identity with a stunning logo
· Add a catchy tagline
· Think of fitting colours and typography
· Suitable voice for promotional activities

The list can be further extended depending on the nature and scale of the business; however, what we have mentioned are the basics for branding. In case you are a small business, start with a logo that’s catchy and easily recognisable, as it will go on every promotional material. Free designing tools like Canva can be used to create a logo and other business material.


4. Not using social media effectively

Using social media for branding is not just about having a brand page on channels like Facebook, Twitter, Instagram, LinkedIn and others depending on the targeted audience. To create a strong brand, effective operation of social media is essential. The list includes:

· Regularly posting engaging images, text & videos
· Promptly replying to customers' comments and queries
· Keeping the page interesting, not going overboard with self-promotion
· Never participating in unnecessary political or controversial discussions
· Being wary of any negative publicity; it is one of the biggest cons of social media and can prove dangerous.

5. Underestimating the power of influencers

Customers these days like to remain informed and do thorough research before settling for a product. Here, your strong social media presence can play an important role, but that’s not enough to please the customer as it's all self-promotion. Enter influencers: they have a loyal following and can promote your product and spread the word about it, ultimately helping create a strong brand image and helping you meet the end goal of earning profits.

Wrap up

It goes without a doubt that branding is essential to business success and helps it maximise profits. In addition to the above-mentioned pointers, take a note to remain original, consistent, and respectful of your customers to create a brand of the status of the established counterparts.

Author's Bio: Prince Kapoor is an Independent Marketing Analyst and Blogger. While not working, you can find him in the gym or giving random health advice to his colleagues which no one agrees on :D. If you too want some of his advice (on health or on marketing), reach out to him at @imprincekapur

Saturday, January 13, 2018

5 Creative Technology Tips That Every Computer User Should Know

So you think you know everything there is about using your computer? Well we have a few tips that you may not be aware of and at some point you will be glad you know about them. So let’s take a look.

Install Adblock

Do not confuse this with antivirus software. Adblock is an application that can be installed onto your computer, laptop and even your smartphone. It is the ads that people click that can cause all sorts of problems. The worst-case scenario is that you get some kind of message telling you that your device has a serious security risk and you can’t get rid of it. Another problem that can be caused by ads is slowing down page loading times. It can be extremely annoying when you are trying to read something and up pops an ad. Or you have more than one tab open and you hear someone talking. You wonder where on earth that is coming from, but discover a video ad is playing in another tab. It’s so annoying. Adblock will stop that and it is free and easy to install.

Out of Ink

It’s happened to us all. You need to print out some important documents, I mean let’s face it, no one prints anything out these days unless they HAVE to. You probably haven’t used the printer for months and totally forgot the ink cartridge needed replacing. The simple solution is to select the text on your page and change the colour of the font to dark blue. It hardly looks any different and you have got yourself out of a difficult situation.

Start Up Sound

This is especially relevant to laptop users as you are more likely to be in a situation where you want to be quiet. The last thing you want is that annoying start up sound to be heard by people around you. Well you can stop it from playing by holding down the mute button as you switch on your device.

Tidy Leads

I know you can get cable ties for keeping leads organised, but if you are using a laptop or you just can’t be bothered to mess around with cable ties, there is a quick and easy solution. A metal binder clip is the answer. For smaller cables such as headphones and audio leads, you can simply wrap the cables around the two metal clasps and attach the clip to the side of the desk. For thicker cables you need a larger clip. With this method you place the cables into the clip and attach it to the table. It keeps them off the floor and allows you to slide them in and out of the clip for movement. No need for DIY, just a trip to the stationery cupboard.

Cleaning Between The Keys

If you have Post-it notes on your desk, after using one, run the sticky side of the Post-it along the sides of the keys on your keyboard. It will pick up the dirt that gets stuck in there.
----

Jen Starr is part of the community team at NextDay PC. Jen enjoys staying on top of the latest tech trends and sharing how new tech can positively impact people’s lives.
[Sponsored Post]

Monday, January 8, 2018

Home Video Walls as Part of the Smart Home

Most of us have seen a video wall at some point in time; only that we never paid so much attention. From control rooms such as those in the meteorological departments and media outlets to data relay centers such as in the stock exchanges and sports stadiums, video walls have literally transformed every aspect of life.

However, up until recently, many of us wouldn’t believe that this ingenious invention could find its way into our homes especially due to the fact many believe it is a technology that is preserved for the experts in large data processing industries. 

Video walls are now part and parcel of our homes, transforming them into a more secure and convenient place to live rather than just a roof over our heads. In this article, we shall look at why a video wall could be the perfect smart home appliance for you.

How Does It Work?

A video wall consists of multiple rear projection display-cubes that are skillfully arranged side by side in a manner that the cubes display a single image. The viewer will think the image came from a single source while in actual sense, many cubes were involved. 

The main reason why video walls are preferred is due to the fact they can merge the three most essential qualities of a great display unit – high contrast, high resolution and uniform brightness. However, aside from the three main qualities above, there is more to the technology of video walls that make them an ideal smart home device, as explained below.

Let’s Begin With the Obvious 

When we talk of a smart home, what springs to our mind is a home where everything can be handled remotely from the convenience of our location and this is indeed true for the most part. But to begin easy, a video wall is a cost-saving initiative that may just as well replace your TV, monitor and other display units you use in your home, or simply merge them into one functional unit.

As already discussed, the wall is made up of multiple displays that are tied together and overlap each other. This means you can use it as a TV this moment and then use it as a white board the next moment, or you may as well partition the screen to have both of these functions running concurrently. You can use it to display the data collected by your surveillance cameras as well as exhibit a presentation from your home projector. It is the multiple functionality in these home video walls that makes them especially great for a conscious home owner.

Improved Screen Area

It is often an embarrassment when you invite guests over to your home and as you are busy chatting away, a fancy piece of news flashes on the screen and people have to strain their eyes to catch the action. Even worse, some of them would move close, obstructing the views of those seated at the far end of the screen. 

However, the introduction of video walls in homes has taken away that agony. As home video walls boast of greater screen area, you can be sure it will be just big enough for any room you choose to place it inside your home. 

Enhance Your Home Security Using Video Walls

A video wall accepts inputs from satellite sources and may be synchronized with your camera as well as video recorders. This means that you can use the wall to monitor the security situation in your home. All you have to do is find compatible security surveillance gadgets, connect those to the equipment and you are able to track all the movements within your home based on what these surveillance devices can pick. 

Well, there are quite a few screens that function in the same way so you may be wondering what makes a video wall the better option. Remember what we said about resolution. The display cubes account for very high screen resolution and this enables you to analyze every possible movement around your home without having to strain your eyes trying to process the images broadcast by your outdoor cameras.

Allow Flexible Scheduling

Last but not least, this is one great thing you will just love about video walls. Assume you have a routine where you wake up each morning, run through the surveillance cameras, and then watch your favorite morning inspirational program before heading to work. A video wall can make all these possible; all you have to do is customize the settings to allow for flexible scheduling.

By synchronizing the video wall with your other smart devices, you can tell the system when to sound an alarm so you can wake up, then based on the sequence of programs fed inside the unit, the video wall can offer flexible scheduling based on your daily routine. It can seamlessly change between a video camera and a TV, enabling you to watch your favorite programs while still keeping tabs with the events outside your home.

About the Author

Jen Starr is part of the content and community team at Userful.com, experts in all things video wall and display solutions. When Jen is not spreading the word about video walls she is often found discovering the great outdoors, walking or cycling. 

Sponsored Post

Friday, February 12, 2016

How the Cloud is Powering New Innovations

It's official - cloud computing is the future way of life, whether it’s for pleasure or for business. Cloud computing has been in development for some time now, and has more than proved its potential in the tech industry. Soon cloud computing will be a part of every industry and will eventually transform the way we work and live. 

And while cloud computing is currently benefiting businesses the most, it’s only logical that the next step would be to integrate everything else with the cloud. Here’s a list of some of the latest technologies that will rely heavily on cloud, in order to function properly.

Cloud Gaming – Redefining the Way the World Plays

With the advent of cloud gaming, gamers are now playing games rendered on the cloud, instead of on the high-end graphics card of a PC. This allows gaming headsets to function as nothing more than thin clients, and also helps save a chunk of expenses. This shift of device complexity to centralized data servers will bring down the individual cost of virtual reality headsets, and potentially remove the need for an expensive PC upgrade. Cloud gaming will also have secondary benefits such as enhanced ergonomics and lower resource requirements.

A handful of companies have already explored the concept of cloud gaming. Sony, for example, has developed a cloud gaming service called PlayStation Now, which is said to work in tandem with its PlayStation VR design. But while the first-generation of cloud gaming devices hold lots of promise for future gamers, the introduction of a durable, standalone cloud gaming device will be required to accelerate the adoption of cloud-based gaming.

This will mean that consumers will finally be able to afford to game, without having to invest in a high-end desktop or laptop PC. This would open the doors of virtual gaming for any member of society. No wonder game fanatics are vocal about their love for the cloud, the platform that’s redefining the face of gaming.

Virtual Reality

Anyone familiar with the concept of cloud with seamless device transition, virtual reality Operating System Embedded (OSE) or cloud-based multi-user interactions will understand the impact the cloud will have on virtual reality. A thorough understanding of cloud gaming will propel virtual reality into the next generation.

It hasn’t been easy; extracting the power of the cloud and making sure that all connected devices are synced to each other. But, the transition is complete and many of us even know about Virtual Reality from things like The Matrix. Companies are already in the development stage for a number of such technologies, and will soon be available as part of the VR operating system environment. And while implementing VR in the real world will take some time, video gamers will already know what to do with it.

As a new generation of gamers emerges, a multi-system virtual reality is not far from entering the mainstream. Cloud-based VR will unleash a level of virtual connectivity that was never previously experienced, all thanks to the cloud.

Li-Fi

People were happy with dial-up modems, impressed with broadband, and were in awe of Wi-Fi. So, now get ready for the next generation of high-speed connectivity, with Li-Fi. A 5G light connectivity feature that flows along the spectrum of visible light, Li-Fi is not just a new level of speed, but the first glimpse into the world of light speed. The concept works on light-emitting diode or LED bulbs that transfer data when they are turned on or off, at a speed so fast that the human eye can’t even see it.

The equipment required to handle such speeds is already under development, and the means to use it is already available in the form of the cloud. This will make it possible to provide internet connectivity at speeds of up to 100 Gbps, estimated to be over 2000 times faster than modern-day broadband. The availability of massive amounts of LEDs will enable Wi-Fi connectivity in areas that were previously prohibited, including airplanes, hospitals and other secure locations.

Another major advantage of this lightning fast connectivity is zero electromagnetic interference (ZEI), a feature that will eliminate the risk of radiation exposure from wireless data transmission. With the help of the cloud, Li-Fi will also offer enhanced data protection, seeing that light cannot pass through walls. This would make it virtually impossible to hack into a data system from the outside. And as radio and telecommunication frequencies get more congested, the demand for a faster and more efficient medium of wireless communication means that Li-Fi has built a bright future for itself, courtesy of the cloud.

Cloud Office Solutions

Things like virtual reality and cloud gaming are what make the cloud fun to use, but the cloud also offers a number of professional benefits that have become the norm for doing business. Cloud office solutions are already in the market, allowing businesses to get an array of office services from a single provider who will install, integrate, manage and secure your business processes.

Cloud computing had proven its value to businesses a long time ago, but cloud office solutions have opened new doors for smaller businesses. Cloud-based office solutions allow SMEs to take advantage of cloud systems, without having to invest in expensive infrastructure, such as e-mail servers, and IT technicians. Even the current cloud office solutions offer on the go access and cost efficiencies over traditional software.

Cloud Analytics Services

Cloud analytics is a business service model that has some components of the data analytics process coming in directly through a private or public cloud. A major advantage of cloud analytics over traditional analytics is that they are available on a subscription model, which means you usually pay for what you use and how much you use.

Cloud-based analytics also gives businesses an effective alternative to predictive analytics, allowing them to cut costs on data that is more than just subjective. There are already a number of cloud analytics services that are being offered by cloud companies, including data social media analytics, and software-as-a-service business intelligence, commonly referred to as SaaS BI. The SaaS BI model is fully scalable, making it a great platform for start-ups to get affordable analytics data.

About the Author

Mauricio is the CEO of Cloudwards.net, a data and user feedback driven comparison engine for cloud apps and services. 

He enjoys writing and producing educational videos around the cloud to help people find the best cloud service for their needs.