EXECUTIVE SUMMARY:

Remember when CodeSpaces was forced out of business within 12 hours after attackers compromised their AWS account? Or, more recently, when Timehop experienced a massive breach of customer information after hackers obtained credentials? The latter intrusion remained undiscovered for more than 6 months.

Amazon Web Services (AWS) is a cloud service provider that nearly every company has some level of familiarity with. AWS is the number one IaaS provider for the 8th year in a row, according to an analyst firm.

While companies need to increase visibility into cloud-native behavior and activity across AWS environments, they’ve generally proved slow to pick up on AWS security best practices.

Given the growing complexity of today’s data, use cases, compliance requirements and so forth, enterprises often struggle to recognize how they can protect and secure their data, that of their customers, and their business as a whole ahead of moving to, or while expanding on, AWS.

AWS cloud security tips

1. Prioritize a security strategy. AWS administrators are often confused about how to approach cloud security in the first place. Are tools and controls the first priority, or is a slow-cooker approach to establishing a security strategy the right initial course of action?

Although this might look like a no-brainer, security administrators don’t always arrive at the right answer. Most of the time, the security strategy should represent the first priority. Getting a strategy into place also helps security administrators integrate security into other business functions and workflows.

2. Overcome lack of security visibility. Security visibility is critical in order to account for who is accessing which resources, and across which areas of the organization.

Security administrators commonly need more information than IDS logs provide. For example, it’s critical to know more than the fact that a certain packet went out over the wire. Rather, administrators should be able to see specific events over time on specific servers.

Security administrators should consider going beyond logs. Although logs are useful, they provide limited insights into what’s happening. By way of analogy, it’s one thing to record who is entering and departing from a building. It’s another to be able to understand their behaviors when inside the building. Typical network-based intrusion detection (NIDS) commonly fails to offer much information to work with after a compromise. In turn, host-based intrusion detection may have a role to play within your organization, showing security administrators the what, when, and where at all stages of and after a cyber attack.

3. Determine liability. In cloud security, liability is a popular topic. This is largely because, if and when a security event occurs, organizations need to know whom to hold accountable. At present, providers like AWS are taking on more security responsibility than ever, taking responsibility for everything above the virtual machine layer. However, users retain responsibility for access control, monitoring and log audits. A proactive stance when it comes to defining access levels and monitoring activity across the network will help organizations pinpoint liability in the event of disruption to the AWS environment.

4. Understand attacker motivations. Organizations have been quick to trust sensitive information to cloud providers like AWS. For example, many healthcare companies, credit card vendors, and investing institutions host data in the cloud. This transforms these enterprises and AWS into vulnerable attack targets.

Increase security resilience by turning on multi-factor authentication, monitoring for anomalous logins through security monitoring, implementing a logging service at the host level, and by using AWS Secrets Manager or another management system to rotate credentials.
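The login monitoring recommended above can start with CloudTrail `ConsoleLogin` records. The following is an added example, not code from the original article: it flags successful sign-ins without MFA, root console sign-ins, and a success that follows repeated failures from the same source. The sample events, the account ID and the failure threshold are constructed assumptions.

```python
from collections import defaultdict

FAILURE_THRESHOLD = 3  # assumed tuning value, not from the article

def _ev(time, utype, arn, ip, result, mfa):
    # Build a record shaped like a CloudTrail ConsoleLogin event.
    return {"eventName": "ConsoleLogin", "eventTime": time,
            "userIdentity": {"type": utype, "arn": arn},
            "sourceIPAddress": ip,
            "responseElements": {"ConsoleLogin": result},
            "additionalEventData": {"MFAUsed": mfa}}

# Constructed sample data (documentation IP ranges, placeholder account ID).
ACCT = "arn:aws:iam::111122223333:"
SAMPLE_EVENTS = [
    _ev("2024-01-01T09:00:00Z", "IAMUser", ACCT + "user/alice", "198.51.100.7", "Success", "Yes"),
    _ev("2024-01-01T09:05:00Z", "IAMUser", ACCT + "user/bob", "203.0.113.9", "Failure", "No"),
    _ev("2024-01-01T09:06:00Z", "IAMUser", ACCT + "user/bob", "203.0.113.9", "Failure", "No"),
    _ev("2024-01-01T09:07:00Z", "IAMUser", ACCT + "user/bob", "203.0.113.9", "Failure", "No"),
    _ev("2024-01-01T09:08:00Z", "IAMUser", ACCT + "user/bob", "203.0.113.9", "Success", "No"),
    _ev("2024-01-01T10:00:00Z", "Root", ACCT + "root", "198.51.100.7", "Success", "Yes"),
]

def find_anomalous_logins(events, threshold=FAILURE_THRESHOLD):
    """Return (eventTime, arn, reason) findings for console sign-ins."""
    findings = []
    failures = defaultdict(int)  # consecutive failures per (arn, source IP)
    for e in sorted(events, key=lambda e: e["eventTime"]):
        if e.get("eventName") != "ConsoleLogin":
            continue
        ident = e.get("userIdentity") or {}
        arn = ident.get("arn", "unknown")
        key = (arn, e.get("sourceIPAddress"))
        if (e.get("responseElements") or {}).get("ConsoleLogin") != "Success":
            failures[key] += 1
            continue
        if (e.get("additionalEventData") or {}).get("MFAUsed") != "Yes":
            findings.append((e["eventTime"], arn, "success without MFA"))
        if ident.get("type") == "Root":
            findings.append((e["eventTime"], arn, "root console login"))
        if failures[key] >= threshold:
            findings.append((e["eventTime"], arn, "success after repeated failures"))
        failures[key] = 0  # a success resets the failure streak
    return findings
```

Federated sign-ins commonly report `MFAUsed` as `No` because MFA is enforced at the identity provider, so triage those findings against the IdP's own logs before treating them as gaps.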

5. Address compliance regulations on Day 1. Although companies such as AWS offer a certain level of protection, they remain unable to address every aspect of compliance. However, AWS can and does provide protections like encryption for Personally Identifiable Information, both at rest and in flight. That said, it doesn’t continuously monitor data for anomalous behavior or offer host-level insights that can address core components of security issues.

Because understanding AWS’s compliance features is time-consuming, some companies in highly regulated industries stay with the status-quo, sticking with on-prem solutions. In today’s world, staying competitive often means moving to the cloud. There are many security vendors, like Check Point, that can help organizations address cloud compliance concerns.
