Friday, August 30, 2019

Updated: Cloud App Security - an introduction

IBM Cloud offers security services
Two years back, I created two blog articles providing an introduction to cloud app security with an overview of topics, then discussing details on how to implement those security requirements with (then) Bluemix services. Recently, I had some time to look into cloud app security again and adapt my previous write-up to the current state of (now) IBM Cloud. You can read it on the IBM Cloud blog as "Cloud App Security: What Makes a Secure App?".

Happy reading! If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Monday, August 19, 2019

Track API key usage by combining IBM Cloud IAM and LogDNA search

Which key is still in use...?
Recently, I blogged about tracking account activity from the command line. I showed you how to search IBM Cloud Activity Tracker with LogDNA records using a Python script. Today, I discuss how to combine the IAM Identity Services API with the LogDNA search to track usage of API keys. The goal is to find out whether API keys for a user or service ID were recently used. If they have not been used for a long time, they might be up for deletion.

Offboarding on IBM Cloud: Considerations when removing a user

Only authorized persons have access
Over my past blog posts I have looked into how to rotate credentials in different compute environments. I looked at Cloud Foundry on IBM Cloud, Cloud Functions and Kubernetes. The background is that I wanted to understand what it takes to maintain security during the regular DevSecOps cycles and when someone in the team leaves. The latter often is called offboarding.

Monday, August 12, 2019

Get some REST with Db2

Db2 has a REST API
Many of the IBM Cloud services have a REST API; an overview of REST APIs is here in the IBM Cloud docs. Recently, I realized that I had not yet tried the Db2 on Cloud API and the API for Db2 Warehouse on Cloud. Thus, last Friday I took some time to test out some code using one of my Db2 instances on IBM Cloud. Here is what you need to get started...

Wednesday, August 7, 2019

Track it from the command line: Search audit events in LogDNA using Python

Take a look at security logs
Earlier this year, IBM and LogDNA announced an integrated offering, Activity Tracker with LogDNA. It allows you to manage and search activity events in LogDNA instances on IBM Cloud. There are IAM, account management and all kinds of service instance events that can be tracked. Viewing the events is typically done in the LogDNA UI. I, however, want to perform searches on the command line and integrate it with Cloud Functions. In this article, I discuss the small tool that I wrote to search the activity logs and export them.

Thursday, August 1, 2019

Use a Delivery Pipeline to rotate credentials

Job in Delivery Pipeline to rotate keys
In my recent posts I touched on updating credentials for solutions deployed on IBM Cloud Functions or using Cloud Foundry on IBM Cloud. Today, I am showing you how to rotate API keys and passwords for a containerized solution on IBM Kubernetes Service that makes use of a delivery pipeline (devops). I am going to use the app discussed in the tutorial on how to apply end to end security to a cloud application.