Operating a highly available, secure SaaS solution in the AWS cloud is hard. The problems faced by both large and small organizations are roughly the same. Therefore it may be logical to assume that the solutions are as well. The only real difference is scale.
Enter Netflix. I have always been impressed by the depth and openness of Netflix relative to the internally developed open source tools they make available through their Open Source Software Center. Startups and emerging companies typically lack the resources to use best-of-breed paid solutions for security, availability, cloud management, etc.
Netflix has made a conscious decision to pay it forward, and I, for one, appreciate their commitment.
Enter “Security Monkey”, a Netflix security and audit tool for aggregating and reporting on configuration, specifically as it relates to state. That last point is important. As explained by Netflix:
“CloudTrail provides verbose data on API calls, but has no sense of state in terms of how a particular configuration item (e.g. security group) has changed over time. Security Monkey provides exactly this capability.”
Security Monkey adds another tool to the AWS security practitioner's tool belt to help mitigate operational risk and demonstrate our security posture at audit time. Win-win.
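To make the "state over time" point concrete, here is an added illustration (not Security Monkey's code and not from Netflix) that diffs periodic snapshots of one security group and reports how long a world-open rule was in place, which is the question an auditor asks and which a raw API call log does not answer directly. The names `Rule`, `SNAPSHOTS`, `history` and `exposure_windows` are hypothetical, and the snapshot data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class Rule:
    protocol: str
    port: int
    cidr: str

WORLD = {"0.0.0.0/0", "::/0"}
HTTPS = Rule("tcp", 443, "0.0.0.0/0")
SSH_INTERNAL = Rule("tcp", 22, "10.0.0.0/8")

# Constructed sample: (timestamp, ingress rules) for one security group, oldest first.
SNAPSHOTS = [
    ("2024-01-01T00:00:00Z", {HTTPS, SSH_INTERNAL}),
    ("2024-01-02T00:00:00Z", {HTTPS, SSH_INTERNAL, Rule("tcp", 22, "0.0.0.0/0")}),
    ("2024-01-03T00:00:00Z", {HTTPS, SSH_INTERNAL}),
    ("2024-01-04T00:00:00Z", {HTTPS, SSH_INTERNAL, Rule("tcp", 3389, "0.0.0.0/0")}),
]

def history(snapshots):
    """Diff consecutive snapshots into (timestamp, added, removed) change records."""
    changes = []
    for (_, before), (ts, after) in zip(snapshots, snapshots[1:]):
        added, removed = after - before, before - after
        if added or removed:
            changes.append((ts, sorted(added), sorted(removed)))
    return changes

def exposure_windows(snapshots, allowed_public_ports=frozenset({443})):
    """Return (rule, first_seen, gone_at) for world-open rules on ports that are
    not expected to be public. gone_at is None if the rule is still present."""
    open_since, windows = {}, []
    for ts, rules in snapshots:
        risky = {r for r in rules
                 if r.cidr in WORLD and r.port not in allowed_public_ports}
        for r in sorted(risky - set(open_since)):
            open_since[r] = ts          # rule first observed in this snapshot
        for r in sorted(set(open_since) - risky):
            windows.append((r, open_since.pop(r), ts))  # rule has been removed
    windows += [(r, since, None) for r, since in sorted(open_since.items())]
    return windows

if __name__ == "__main__":
    for ts, added, removed in history(SNAPSHOTS):
        print(ts, "added:", added, "removed:", removed)
    for rule, first_seen, gone_at in exposure_windows(SNAPSHOTS):
        print(rule, "open from", first_seen, "until", gone_at or "now")
```
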
But never give a monkey a gun… BAD security practice.