Michelle Drolet is CEO of Towerwall, a specialized cybersecurity firm offering compliance and professional cybersecurity solutions.
If you’re an existing Amazon Web Services customer or are considering migrating to AWS, it’s likely you have major concerns around security. Cloud security has become a top risk and a top priority for enterprises because cloud assets are becoming the biggest targets for cyberattacks.
No doubt, AWS does everything it possibly can to protect itself and its customers; however, the reality is that AWS isn’t infallible and there have been numerous incidents in the recent past where hackers and cybercriminals have successfully attacked and breached AWS customers.
So the key question is, what should organizations be doing to make their cloud infrastructure more secure? Short answer: Take your shared responsibility seriously.
The AWS Shared Responsibility
The AWS shared responsibility model specifies that security and compliance are both shared responsibilities between Amazon and its customers. This means that while AWS assumes responsibility for securing its physical data centers, servers, hardware, networking and infrastructure, the customer is considered equally responsible for securing its own data, applications, configurations and user access within their environment.
In other words, while AWS is committed to providing security of the cloud, the customer is responsible for deploying security in the cloud.
Best Practices For Deploying Security In AWS
Security is one of the foundational pillars of Amazon’s “Well-Architected” framework. From a security architecture standpoint, there are seven design principles that Amazon recommends customers follow. I will expand on these below.
1. Deploying Robust Identity Security
Granting unnecessary or excessive privileges can lead to devastating outcomes (privilege misuse, misconfigurations, compliance violations). To prevent this, organizations must ensure that every user, application or service is linked to an identity and these identities can use only those resources that they are authorized to do so using security tools that help enforce the principle of least privilege.
2. Using Multilayered Controls
Just as one has multiple layers of protection for their on-premises data center (for example, firewall and intrusion prevention systems, endpoint protection, data leakage prevention, multifactor authentication, etc.), one needs layered security to protect their cloud environment. Furthermore, it is important to have multiple security controls at all layers, including physical, network, data and application.
3. Ensuring Monitoring, Alerting And Logging
To analyze suspicious activities and investigate security incidents proactively, one must have the ability to store, monitor, alert and review changes to the AWS environment in real time. Therefore, it is necessary for organizations to have tools and systems in place that can store logs, analyze security events and report anomalies.
4. Utilizing Automation
The cloud attack surface is so vast that it is extremely difficult for humans to manually manage and monitor security controls as well as analyze telemetry from diverse security systems. It is recommended that organizations use some AI-based security solutions that can automatically perform security checks and adapt security controls proactively.
5. Securing Data At Rest And In Motion
It is important to classify and prioritize data based on its sensitivity. Using methods such as encryption, tokenization and access control, organizations can prevent sensitive data from being wrongfully or accidentally accessed, moved, altered or deleted.
6. Protecting Data From Human Error
Human error is one of the main reasons why cloud breaches happen. It is, therefore, advisable to adopt tools and processes that limit human access to data and apply stringent controls that permit only authorized people to access and modify data. This reduces risks relating to human errors such as mishandling or modification and boosts data privacy and compliance efforts.
7. Preparing For Security Incidents
Breaches and cyberattacks can happen to anyone at any time, regardless of the level of security they have in place. Organizations must always have an incident response plan ready so that it can aid in faster response and recovery. But remember, having a plan is not enough. It’s also important to conduct regular fire drills and incident response training with your employees so that everyone clearly understands their role and responsibilities during a security emergency.
Partnering With An AWS Approved Security Advisor
The most efficient path to following cybersecurity best practices is outsourcing to a provider that has been vetted by AWS. On the AWS marketplace, businesses can discover security partners approved and trusted by Amazon. These security advisors offer orchestration in a variety of service areas including AWS Well-Architected reviews, vendor risk assessments, penetration tests, compliance advisory, security training, managed detection and response (MDR), vCISO services (virtual chief security officer) and others.
With cloud computing, there’s so much at stake, particularly in the areas of security, governance and expertise. This is why it’s critical for organizations to follow the above best practices and consider leveraging a trusted security provider that can offer guidance, expertise and support wherever needed. The fact is, you’re responsible for your own security; Amazon is not.