Top AWS Security Issues
  • Posted March 11th, 2018

Top AWS Security Issues & Solutions

Cloud providers continue to fill the cyber atmosphere, offering more effective and efficient ways for organizations to outsource their infrastructure burden and reap the benefits of managed services. While this sounds like an all-around win for businesses, due diligence around security remains the customer’s responsibility. Amazon Web Services (AWS) is one of the most commonly used platforms and has one of the most robust security offerings.

As with any cloud provider, neglecting to pay attention to security in AWS can turn your cloud party into a thunderstorm. When it comes to top AWS security issues and solutions, here’s a five-pronged umbrella of risks and recommendations to keep you out of the rain.

Everyday on-premises hygiene still applies in the cloud.

A common misconception is that security offerings come out of the box by default and get automatically configured. In reality, each tenant plays a critical role in the security of their data. The same rigorous security requirements that apply in traditional environments should also apply within AWS.

Servers and applications need to be included in a regular patch cycle, anti-virus should be on all machines, and the systems should be scanned for vulnerabilities periodically. Visibility into the environment becomes even more important in AWS. Having a third party maintain your environment, for instance, means that they potentially have access to your data and resources. Be sure to set up an appropriate logging and monitoring model and integrate it with existing log analysis tools where possible, so that you can keep track of who is doing what and get visibility into any activity trends. Also, don’t underestimate the need for tight access control, least privilege, and encryption key management.

Lastly, with so many different elements of security now being managed outside of your organization, setting a cloud-specific enterprise standard becomes an important component in securing AWS. The standard can guide the setup and maintenance process and, at a minimum, require protection of the AWS environment at a secure and consistent level across instances.

A compliant offering won’t guarantee you’ll pass your audit.

If you are handling sensitive information, you’ll want to pay attention to the compliance components of the AWS security offerings. An important thing to note here is that AWS certifies that they offer configurations that can help you meet compliance requirements, but it’s up to the customer to enable those functions.

If you decide to tweak the recommended configurations or don’t enable the right components, you may end up with gaps in compliance. When putting sensitive data in AWS, work closely with the engineers and a compliance expert to ensure the security controls are adequate and align with audit requirements.

Lax access controls, especially around privileged accounts, can undermine any AWS security strategy.

There are tons of steps that can strengthen access controls in AWS. The basics of security still apply. Enable multi-factor authentication, leverage groups to assign user permissions, and ensure standard policies are set to drive use and configuration of the environment. Also, change credentials periodically, purge unnecessary accounts, apply the principle of least privilege, and constantly review access levels.
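
The checks above (MFA, credential rotation, purging unused accounts) can be run against the IAM credential report. This is an added example, not code from the original article: the sample rows are constructed, only a subset of the report's columns and only the first access key are read, and the 90-day thresholds are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of an IAM credential report
# (only the columns this check reads; user names and dates are invented).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,not_supported,2018-03-01T09:00:00+00:00,false,false,N/A,N/A
alice,true,2018-03-09T14:12:00+00:00,true,true,2018-02-01T08:00:00+00:00,2018-03-10T10:00:00+00:00
bob,true,2018-03-08T11:30:00+00:00,false,true,2017-06-15T08:00:00+00:00,2018-03-07T16:45:00+00:00
carol,true,2017-09-02T10:00:00+00:00,true,false,N/A,N/A
ci-deploy,false,N/A,false,true,2018-01-20T08:00:00+00:00,N/A
"""

MAX_KEY_AGE = timedelta(days=90)   # assumed rotation policy, not from the article
MAX_IDLE = timedelta(days=90)      # assumed "unnecessary account" threshold

def _ts(value):
    """Parse a report timestamp; N/A, no_information, not_supported -> None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit(report_csv, now):
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        has_console = is_root or row["password_enabled"] == "true"
        key_active = row["access_key_1_active"] == "true"
        if has_console and row["mfa_active"] != "true":
            findings.append((user, "no MFA on console login"))
        rotated = _ts(row["access_key_1_last_rotated"])
        if key_active and rotated and now - rotated > MAX_KEY_AGE:
            findings.append((user, "access key older than 90 days"))
        if is_root:
            continue  # root cannot be purged; only its MFA is checked
        used = [t for t in (_ts(row["password_last_used"]),
                            _ts(row["access_key_1_last_used_date"])) if t]
        if (has_console or key_active) and (not used or now - max(used) > MAX_IDLE):
            findings.append((user, "credentials idle or never used"))
    return findings

if __name__ == "__main__":
    for user, issue in audit(SAMPLE_REPORT, datetime(2018, 3, 11, tzinfo=timezone.utc)):
        print(f"{user}: {issue}")
```

A real report can be produced with `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose content is the base64-encoded CSV.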

If working in a multi-tenant space, it’s important to understand who could potentially have access to your environment if you aren’t careful. There should be clear demarcations between your resources and those consumed by other tenants working in the same environment. Under no circumstances should third parties have access to your information without your explicit authorization. While this is mainly the responsibility of AWS, doing your due diligence through logging, monitoring, and access reviews doesn’t hurt. Provisions that address these concerns can also be outlined in the contract.

Every AWS tenant needs a security RACI.

Operating within AWS requires clear roles and responsibilities between AWS and the tenant. In a shared responsibility environment, knowing who’s responsible, accountable, consulted, and informed (RACI) when it comes to different security functions is critical. A RACI should be clearly outlined and understood by all involved in managing the AWS environment.

Operating within AWS introduces unique legal implications, but you can protect yourself with the right contract language.

AWS security is about more than the technical configuration of the platform and your instances. If there is a breach, who is liable? If you decide you want your data securely wiped from the servers, how do you ensure that happens, especially in multi-tenant situations? Since the data isn’t on your premises anymore, are you still considered the data owner from a privacy regulation standpoint?

These are critical questions to ask as you set up contracts with third-party cloud providers like AWS. Before entering official partnerships with cloud providers, ensure you have a lawyer or security professional who’s familiar with the legal implications of cloud environments.

Use a dedicated AWS security platform.

AWS customers play a critical role in securing their cloud environments. Avoid the rain by owning your role and keeping these five recommendations in mind as you navigate the cloud. For additional assistance with your AWS security needs, consider a dedicated AWS security platform like Intelligent Discovery.
